Information processing system and information processing apparatus

ABSTRACT

An information processing apparatus includes an equipment means worn on a predetermined portion of a living body and having a storage means which stores first biological identification data associated with that portion of the living body, and a communication means which is held by the equipment means and transmits the first biological identification data to a communication target to which the portion wearing the equipment means is brought close. A biological authentication means performs biological authentication based on the first biological identification data and on second biological identification data, the second biological identification data being extracted from biological information detected by a biological sensor.

TECHNICAL FIELD

The present invention relates to an information processing system and an information processing apparatus which are suitably used for authenticating a person based on the blood vessels inherent to a living body.

BACKGROUND ART

Authentication devices which execute authentication processing based on the formation pattern of the blood vessels inherent to a living body (hereinafter called a blood vessel formation pattern) have been proposed.

This kind of authentication device images a registrant by utilizing the characteristic that light in the near infrared band is specifically absorbed by deoxygenated hemoglobin (venous blood) and oxygenated hemoglobin (arterial blood). From the blood vessel image obtained by this imaging, a blood vessel formation pattern (hereinafter called a registered blood vessel formation pattern) is extracted and registered in a predetermined database.

The authentication device further extracts the blood vessel formation pattern of a target to be authenticated (hereinafter called the authentication target's blood vessel formation pattern) in the same way as at registration, and compares it sequentially with the plural registered blood vessel formation patterns registered in advance in the database. It is thereby determined whether or not the target is the identical person to a registrant (see, for example, Patent Document 1).

Patent Document 1: Japanese Patent Application No. 2003-242492

However, in this kind of authentication device, the plural registered blood vessel formation patterns are compared one after another until a registered blood vessel formation pattern corresponding to the authentication target's blood vessel formation pattern is found. The processing time required for the comparison therefore tends to grow, and users have to wait longer.

In particular, as the number of registered blood vessel formation patterns in the database increases, the required processing time increases with it, so that the waiting time for users becomes much longer.

DISCLOSURE OF THE INVENTION

The present invention has been made in consideration of the above, and has an object of providing an information processing system and an information processing apparatus which are capable of remarkably improving usability.

To achieve this object, according to the present invention, an information processing system comprises first and second information processing apparatuses. The first information processing apparatus includes a storage means which stores an identification target at a predetermined portion of a living body as biological identification data, and a first communication means which is held by the living body, is brought close to a predetermined position, and performs communication while kept close to that position. The second information processing apparatus includes a biological sensor which detects the living body kept close to the predetermined position as biological data, a second communication means which communicates with the first communication means held by the living body kept close to the predetermined position, an extraction means which extracts the biological data corresponding to the predetermined portion from the biological data detected by the biological sensor, and a biological authentication means which performs biological authentication based on the biological data corresponding to the predetermined portion extracted by the extraction means and on the biological identification data obtained from the first information processing apparatus via the first and second communication means.

Therefore, in this information processing system, the first information processing apparatus only needs to be brought close to the second information processing apparatus, and the second information processing apparatus can automatically obtain biological data of the user who holds the first information processing apparatus. Accordingly, compared with a case where all of the biological identification data stored in the plural first information processing apparatuses are registered as a database in the second information processing apparatus, the processing of reading the respective biological identification data from that database in an arbitrary order and comparing them one by one can be dispensed with, and the time spent for the processing can be remarkably shortened.

Also according to the present invention, an information processing apparatus comprises: a biological sensor which detects a living body brought close to a predetermined position as biological data; a near-distance communication means which communicates with a communication target held by the living body brought close to the predetermined position; an extraction means which extracts the biological data at a predetermined portion from the biological data detected by the biological sensor; and a biological authentication means which compares the biological data at the predetermined portion extracted by the extraction means with the biological identification data registered in the communication target and obtained from it via the near-distance communication means.

Therefore, in this information processing apparatus, biological data of the user who holds the communication target can be automatically obtained if only the communication target is brought close. Accordingly, compared with a case where all of the biological identification data stored in plural communication targets are registered as a database, the processing of reading the respective biological identification data from that database in an arbitrary order and comparing them one by one can be dispensed with, and the time spent for the processing can be remarkably shortened.

Further according to the present invention, an information processing apparatus comprises: an equipment means which is worn on a predetermined portion of a living body; a storage means which stores an identification target at that portion of the living body as biological identification data; and a communication means which is held by the equipment means and transmits the biological identification data to a communication target to which the portion wearing the equipment means is brought close, wherein the communication target detects, as biological data, the living body brought close to it with the equipment means worn.

Therefore, in this information processing apparatus, biological data of the user wearing the equipment means can be automatically obtained by the communication target if only the equipment means worn on the predetermined portion of the living body is brought close to the communication target. Accordingly, compared with a case where all of the biological identification data stored in plural information processing apparatuses are registered as a database in the communication target, the processing of reading the respective biological identification data from that database in an arbitrary order and comparing them one by one can be dispensed with, and the time spent for the processing can be remarkably shortened.

According to the information processing system of the present invention, the first information processing apparatus only needs to be brought close to the second information processing apparatus, and the second information processing apparatus can then automatically obtain biological data of the user who holds the first information processing apparatus. Accordingly, compared with a case where all of the biological identification data stored in the plural first information processing apparatuses are registered as a database in the second information processing apparatus, the processing of reading the respective biological identification data from that database in an arbitrary order and comparing them one by one can be dispensed with. As the time spent for the processing is shortened, the user's waiting time is shortened, and usability improves remarkably.

Also according to the information processing apparatus of the present invention, biological data of the user who holds the communication target can be automatically obtained if only the communication target is brought close. Accordingly, compared with a case where all of the biological identification data stored in plural communication targets are registered as a database, the processing of reading the respective biological identification data from that database in an arbitrary order and comparing them one by one can be dispensed with. As the time spent for the processing is shortened, the user's waiting time is remarkably shortened, and usability improves remarkably.

Further according to the information processing apparatus of the present invention, biological data of the user wearing the equipment means can be automatically obtained by the communication target if only the equipment means worn on the predetermined portion of the living body is brought close to the communication target. Accordingly, compared with a case where all of the biological identification data stored in plural information processing apparatuses are registered as a database in the communication target, the processing of reading the respective biological identification data from that database in an arbitrary order and comparing them one by one can be dispensed with. As the time spent for the processing is shortened, the user's waiting time is remarkably shortened, and usability improves remarkably.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram showing the entire configuration of an information processing system according to a first embodiment.

FIG. 2 is a schematic diagram showing the configurations of a card terminal and an authentication device (1).

FIG. 3 is a schematic diagram showing the configurations of the card terminal and the authentication device (2).

FIG. 4 is a schematic diagram showing light paths of near infrared light (1).

FIG. 5 is a schematic diagram showing the specific circuit configurations of a terminal signal processing section and an authentication processing section according to the first embodiment.

FIG. 6 is a flowchart showing a first authentication processing procedure.

FIG. 7 is a schematic diagram showing the entire configuration of the information processing system according to a second embodiment.

FIG. 8 is a schematic diagram showing the structure of a ring terminal.

FIG. 9 is a schematic diagram showing the configurations of the ring terminal and an authentication device (1).

FIG. 10 is a schematic diagram showing the configurations of the ring terminal and the authentication device (2).

FIG. 11 is a schematic diagram showing the specific circuit configurations of a terminal signal processing section and an authentication processing section according to the second embodiment.

FIG. 12 is a schematic diagram showing light paths of near infrared light (2).

FIG. 13 is a flowchart showing a second authentication processing procedure.

FIG. 14 is a schematic diagram showing biological authentication (1) according to another embodiment.

FIG. 15 is a flowchart showing a third authentication processing procedure.

FIG. 16 is a schematic diagram showing biological authentication (2) according to another embodiment.

FIG. 17 is a flowchart showing a fourth authentication processing procedure.

FIG. 18 is a schematic diagram showing biological authentication (3) according to another embodiment.

FIG. 19 is a flowchart showing a fifth authentication processing procedure.

FIG. 20 shows schematic diagrams of a data transmission processing and a biological authentication processing.

BEST MODE FOR CARRYING OUT THE INVENTION

Hereinafter, embodiments of the present invention will be described specifically with reference to the drawings.

(1) First Embodiment

(1-1) Entire Configuration of the Information Processing System According to the First Embodiment

In FIG. 1, reference numeral 1 denotes, as a whole, the information processing system according to the first embodiment, which is constituted by plural terminal devices (hereinafter called card terminals) 2i (where i = 1, 2, ..., N) each having a card-like shape, an authentication device 3, and a card terminal management server 4.

The card terminals 2i have been issued to users who are the targets for whom predetermined services are provided. Each card terminal 2i holds, as registered data (hereinafter called registered blood vessel pattern data), the pattern formed by the blood vessels inside the corresponding user's body (hereinafter called a blood vessel formation pattern).

The authentication device 3 is placed at a predetermined location. It determines, based on the registered blood vessel pattern data held in each card terminal 2i, whether or not a user who is about to receive a service is the identical person to the regular user (hereinafter called a registrant) who registered that blood vessel formation pattern. Although this information processing system 1 is described for the case of a single authentication device 3, plural authentication devices 3 may be placed at predetermined locations.

The card terminal management server 4 manages the card terminals 2i based on the unique terminal IDs (identifiers) held by the respective card terminals 2i.

When a service is to be provided by this information processing system 1, the user brings a card terminal 2x (x = 1, 2, ..., or N) close to a predetermined position on the authentication device 3. The authentication device 3 then obtains the blood vessel formation pattern of the hand with which the user holds the card terminal 2x, and at the same time relays mutual authentication, based on the terminal ID, between the card terminal 2x and the card terminal management server 4. Depending on the result of that authentication, the authentication device 3 obtains the registered blood vessel pattern data held in the card terminal 2x.

The authentication device 3 then compares the blood vessel formation pattern obtained from the user with the blood vessel formation pattern expressed by the registered blood vessel pattern data obtained from the card terminal 2x, and determines whether or not the user is the identical person to the registrant.

Thus, in the information processing system 1, the card terminal 2x only needs to be brought close to the authentication device 3. The authentication device 3 then automatically obtains the blood vessel formation pattern of the user holding the card terminal 2x and compares it with the blood vessel formation pattern registered in advance in that card terminal 2x.

Accordingly, compared with a case where all of the blood vessel formation patterns stored in the plural card terminals 2i are registered as a database in the authentication device 3, the information processing system 1 can dispense with reading blood vessel formation patterns from such a database in an arbitrary order and comparing them one by one. Each authentication is a single comparison against the one template the presented card terminal supplies, so the processing time does not grow with the number of issued card terminals and can be greatly reduced.
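The one-to-one comparison described above, as an added example that is not code from the patent: a blood vessel formation pattern is modelled as a 256-bit string and matched by Hamming distance against an assumed threshold, and the conventional 1:N scan over a device-side database of the Background Art is modelled next to it so the difference in comparison count can be seen. The bit-string representation, the 15% threshold, the noise model of a fresh capture and the sample patterns are all constructed assumptions.

```python
"""Added example, not code from the patent: a toy model of the matching step
that shows why a card-supplied template (1:1) removes the database scan (1:N)
described in the Background Art. Representation and threshold are assumptions."""
import random
from typing import Dict, List, Tuple

# A blood vessel formation pattern is modelled as a fixed-length bit string
# (for instance a thinned binary vein image flattened row by row). The patent
# fixes neither the representation nor the decision rule; both are assumed here.
PATTERN_BYTES = 32          # 256 bits per pattern
MATCH_THRESHOLD = 0.15      # accept when at most 15% of the bits differ


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions in which two equal-length patterns differ."""
    if len(a) != len(b):
        raise ValueError("pattern length mismatch")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))


def patterns_match(live: bytes, registered: bytes) -> bool:
    """Decision rule of the authentication section: distance under the threshold."""
    return hamming_fraction(live, registered) <= MATCH_THRESHOLD


def random_pattern(rng: random.Random) -> bytes:
    """Constructed stand-in for an enrolled pattern."""
    return bytes(rng.getrandbits(8) for _ in range(PATTERN_BYTES))


def noisy_capture(enrolled: bytes, flip_fraction: float, rng: random.Random) -> bytes:
    """Simulate a fresh camera capture of the same hand: flip a fraction of the bits."""
    bits = bytearray(enrolled)
    for pos in rng.sample(range(8 * len(bits)), int(flip_fraction * 8 * len(bits))):
        bits[pos // 8] ^= 1 << (pos % 8)
    return bytes(bits)


def verify_1_to_1(live: bytes, card_template: bytes) -> Tuple[bool, int]:
    """Model of authentication device 3: compare the live pattern only against the
    template read from the presented card terminal. Returns (accepted, comparisons)."""
    return patterns_match(live, card_template), 1


def identify_1_to_n(live: bytes, database: List[bytes]) -> Tuple[bool, int]:
    """Model of the conventional device: scan a device-side database sequentially
    until a matching registered pattern is found. Returns (accepted, comparisons)."""
    comparisons = 0
    for registered in database:
        comparisons += 1
        if patterns_match(live, registered):
            return True, comparisons
    return False, comparisons


def demo(n_registrants: int = 1000, seed: int = 1) -> Dict[str, object]:
    """Worst case for the scan: the presenting user is the last registrant."""
    rng = random.Random(seed)
    database = [random_pattern(rng) for _ in range(n_registrants)]
    card_template = database[-1]
    live = noisy_capture(card_template, 0.05, rng)      # genuine user, slightly noisy
    impostor = random_pattern(rng)                      # someone else holding the card
    accepted_1to1, comparisons_1to1 = verify_1_to_1(live, card_template)
    accepted_1ton, comparisons_1ton = identify_1_to_n(live, database)
    impostor_accepted, _ = verify_1_to_1(impostor, card_template)
    return {
        "accepted_1_to_1": accepted_1to1,
        "comparisons_1_to_1": comparisons_1to1,
        "accepted_1_to_n": accepted_1ton,
        "comparisons_1_to_n": comparisons_1ton,
        "impostor_accepted": impostor_accepted,
    }


if __name__ == "__main__":
    print(demo())
```

With 1000 constructed registrants the 1:1 path performs exactly one comparison regardless of how many cards were issued, while the sequential scan performs one comparison per registrant before reaching the presenting user; an unrelated pattern presented with the card is rejected by the same threshold. Real vein matchers use alignment-tolerant distances rather than a plain Hamming count, but the comparison-count argument is the same.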

The information processing system 1 can also prevent, more safely than in the case where all of the blood vessel formation patterns stored in the plural card terminals 2i are registered as a database in the authentication device 3, the blood vessel formation patterns in such a database from being stolen and fraudulently used by the administrator of the authentication device 3. The reliability of the blood vessel formation patterns is thereby improved.

Further, in this information processing system 1, blood vessels, which are tissue inside the living body, are chosen as the authentication target. Compared with using a fingerprint or the like that appears on the surface of the living body, the system 1 can more reliably prevent both direct theft of the feature from the living body and impersonation of the registrant by a third party.

(1-2) Structures of the Card Terminal and Authentication Device

FIGS. 2 and 3 show the structures of the card terminal 2x and the authentication device 3.

The card terminal 2x includes, at predetermined positions, an antenna coil (hereinafter called a terminal antenna) AT_(CD) and a signal processing section (hereinafter called a terminal signal processing section) IC_(CD)1 connected to the terminal antenna AT_(CD). A terminal ID and registered blood vessel pattern data are registered in the terminal signal processing section IC_(CD)1.

When an electromagnetic induction signal emitted from the authentication device 3 is received via the terminal antenna AT_(CD), the terminal signal processing section IC_(CD)1 starts up, using the voltage induced by the received signal as its drive voltage. The terminal signal processing section IC_(CD)1 then performs mutual authentication with the card terminal management server 4 by exchanging various data with it via the authentication device 3 and a network NT (FIG. 1).

The terminal signal processing section IC_(CD)1 also encrypts the registered blood vessel pattern data with encryption data supplied from the authentication device 3 in response to that authentication, and transmits the encrypted registered blood vessel pattern data to the authentication device 3 via the terminal antenna AT_(CD).

The authentication device 3 has, for example, a rectangular cylindrical housing. One face of the housing (hereinafter called the approach face) 3A is the face to which the card terminal 2x is brought near. An open window OW made of colorless transparent glass is formed in the approach face 3A, and an antenna coil (hereinafter called an authentication antenna) AT_(cr) is provided around the open window OW.

The authentication antenna AT_(cr) is connected to a signal processing section (hereinafter called an authentication signal processing section) IC_(cr)1 built in at a predetermined position inside the housing of the authentication device 3. The authentication signal processing section IC_(cr)1 emits an electromagnetic induction signal via the authentication antenna AT_(cr), and this signal starts up, without any battery of its own, a card terminal 2x brought near the approach face 3A.

The authentication signal processing section IC_(cr)1 is also connected to a biological information read section LIR which reads the blood vessels of the hand holding the card terminal 2x brought near the approach face 3A. The biological information read section LIR is constituted by an imaging camera CM (FIG. 3) provided below the open window OW and one or more near infrared light sources LS provided at predetermined positions on the approach face 3A.

In this embodiment, the hand holding the card terminal 2x and the approach face 3A are brought close to each other in a predetermined positional relationship. For example, as shown in FIG. 3, the hand is brought to the approach face 3A so that the finger pads are parallel to and face the approach face 3A from a predetermined direction DR.

The hand may approach the approach face 3A freely, or may be guided to a predetermined position by a member (not shown). The registered blood vessel pattern data stored in advance in the terminal signal processing section IC_(CD)1 (FIG. 2) express a blood vessel formation pattern extracted from a hand placed in this predetermined positional relationship with the approach face 3A.

When the hand holding the card terminal 2x approaches the approach face 3A in this way and the card terminal 2x starts up, the authentication signal processing section IC_(cr)1 receives data concerning mutual authentication from the card terminal 2x.

The authentication signal processing section IC_(cr)1 then connects to the card terminal management server 4 (FIG. 1) via the network NT (FIG. 1) and forwards the data concerning the mutual authentication to the card terminal management server 4 over the network NT. On receiving data concerning the mutual authentication from the card terminal management server 4, the authentication signal processing section IC_(cr)1 transmits them to the card terminal 2x via the authentication antenna AT_(cr).

Meanwhile, the authentication signal processing section IC_(cr)1 drives the biological information read section LIR. As indicated by the broken lines in FIG. 4, near infrared light emitted into the imaging space from the near infrared light source LS irradiates the fingers of the hand holding the card terminal 2x. Part of the near infrared light is absorbed by the hemoglobin flowing in the blood vessels inside the fingers, while the rest is scattered and reflected by tissue other than the blood vessels and leaves the fingers. The outgoing near infrared light thus carries a projection of the blood vessels (hereinafter called blood vessel projection light). This blood vessel projection light passes from the open window OW (FIG. 1) sequentially through an imaging lens 10a of the imaging camera CM, a diaphragm (not shown), and a near infrared light pass filter 10b, and enters a solid state imaging element 10c.

The authentication signal processing section IC_(cr)1 controls the imaging camera CM to adjust the focal distance and focus position of the imaging lens 10a and the quantity of blood vessel projection light entering the solid state imaging element 10c. At predetermined timing it generates a blood vessel image signal from the image formed on the imaging plane of the solid state imaging element 10c, and extracts a blood vessel formation pattern from that signal.

If the mutual authentication between the card terminal 2x and the card terminal management server 4 completes successfully, the authentication signal processing section IC_(cr)1 transmits a predetermined encryption key to the card terminal 2x via the authentication antenna AT_(cr). It then receives, via the authentication antenna AT_(cr), the registered blood vessel pattern data encrypted with that key by the card terminal 2x, and decrypts them.

Thus the authentication signal processing section IC_(cr)1 obtains both the blood vessel formation pattern extracted from the imaged user and the blood vessel formation pattern expressed by the registered blood vessel pattern data registered in the card terminal 2x.

The authentication signal processing section IC_(cr)1 compares these two blood vessel formation patterns and determines from the result whether or not the user is the identical person to the registrant. The determination result is notified to a service providing processing section mounted in, or externally connected to, the authentication device 3, which then provides the predetermined service to the registrant.

(1-3) Specific Circuit Configurations of the Signal Processing Sections

Next, the specific circuit configurations of the terminal signal processing section IC_(CD)1 and the authentication signal processing section IC_(cr)1 will be described.

As shown in FIG. 5, the terminal signal processing section IC_(CD)1 of the card terminal 2x is constituted by connecting an internal memory 22, a transmission/reception section 23, an encryption/decryption section 24, and a random number generation section 25 via a bus 26 to a CPU (Central Processing Unit; hereinafter called the terminal CPU) 21 which controls the whole terminal signal processing section IC_(CD)1. The internal memory 22 consists of a ROM (Read Only Memory) storing a program, various setting data and the like, a RAM (Random Access Memory) used as a work memory, and an EEPROM (Electrically Erasable Programmable Read Only Memory) storing various parameters. The transmission/reception section 23 transmits and receives various signals by an electromagnetic induction scheme.

On receiving the electromagnetic induction signal supplied from the authentication device 3 via the terminal antenna AT_(CD), the transmission/reception section 23 accumulates the induced voltage in an internal battery (not shown). When the accumulated voltage reaches a predetermined threshold, it is supplied as the drive voltage to each circuit section, and the card terminal 2x starts up.

In this state, the terminal CPU 21 generates startup notification data D1 notifying the startup, based on the program and setting data stored in the ROM of the internal memory 22, transmits the startup notification data D1 to the authentication device 3 through the transmission/reception section 23 and the terminal antenna AT_(CD), and controls the respective circuit sections so as to perform mutual authentication with the card terminal management server 4.

Meanwhile, the authentication signal processing section IC_(cr)1 of the authentication device 3 is constituted by connecting an internal memory 32, a transmission/reception section 33, an encryption/decryption section 34, a network interface 35, a drive control section 36, a pattern extraction section 37, and an authentication section 38 via a bus 39 to a CPU (hereinafter called the authentication CPU) 31 which controls the whole authentication signal processing section IC_(cr)1. The internal memory 32 consists of a ROM storing a program, various setting data and the like, a RAM used as the work memory of the authentication CPU 31, and an EEPROM storing various parameters. The transmission/reception section 33 transmits and receives various signals by an electromagnetic induction scheme. The drive control section 36 drives and controls the biological information read section LIR, and the pattern extraction section 37 extracts a blood vessel formation pattern from the reading result of the biological information read section LIR.

The transmission/reception section 33 emits the electromagnetic induction signal via the authentication antenna AT_(cr). When the startup notification data D1 sent from a card terminal 2x started up by that signal are received via the authentication antenna AT_(cr), the transmission/reception section 33 passes them to the authentication CPU 31.

On receiving the startup notification data D1 from the transmission/reception section 33, the authentication CPU 31 controls the respective circuit sections, based on the program and setting data stored in the ROM of the internal memory 32, so as to relay mutual authentication between the card terminal 2x and the card terminal management server 4.

(1-4) Relay Processing of Mutual Authentication

Now, the relay processing of relaying mutual authentication in theauthentication device 3 will be described specifically together withmutual authentication between the card terminal 2 x and theauthentication device 3.

In actual, the terminal CPU 21 generates, upon startup, data D2 a takingthe terminal ID as a seed (Seed) (hereinafter called seed data) and dataD2 b which diffuses the seed data D2 a (hereinafter called diffusiondata), and sends these data to the random number generation section 25.

The random number generation section 25 diffuses the seed data D2 a bythe diffusion data D2 b thereby to generate data D3 of a random numberpattern (hereinafter called random number pattern data). The randomnumber generation section 25 further sends the data to theencryption/decryption section 24.

The encryption/decryption section 24 performs a predetermined encryptionprocessing such as DES (Data Encryption Standard), on the random numberpattern data D3, by use of key information which has been maintained inadvance. The encryption/decryption section 24 transmits encrypted randomnumber pattern data D4 obtained as a result of the encryptionprocessing, to the authentication device 3 sequentially through thetransmission/reception section 23 and the terminal antenna AT_(CD).

The authentication CPU 31 of the authentication device 3 receives startup notification data D1 from the card terminal 2 x via the authentication antenna AT_(cr) and the transmission/reception section 33, and then connects with the card terminal management server 4 via the network NT (FIG. 1) from the network interface 35. Thereafter, the authentication CPU 31 receives the encrypted random number pattern data D4 transmitted from the card terminal 2 x, sequentially through the authentication antenna AT_(cr) and the transmission/reception section 33. The authentication CPU 31 then transmits the encrypted random number pattern data D4 to the card terminal management server 4 from the network interface 35.

In the card terminal management server 4, the encrypted random number pattern data D4 is subjected to a predetermined decryption processing by use of key information maintained in advance in the card terminal management server 4, and is thereafter subjected to a back-diffusion processing. The terminal ID (seed data D2 a) of the card terminal 2 x is thereby obtained.

In this state, if the terminal ID (seed data D2 a) exists in the database maintained in the card terminal management server 4, the card terminal management server 4 determines that the current communication partner is the card terminal 2 x. On the other hand, if the terminal ID does not exist in the database, the current communication partner is determined to be masquerading as the card terminal 2 x. This determination result is transmitted as management determination data D5 to the authentication device 3.

Also in the card terminal management server 4, the terminal ID of the card terminal 2 x is diffused again by diffusion data corresponding to the diffusion data D2 b. The diffusion result is subjected to an encryption processing by use of the same key information as that of the card terminal 2 x. Encrypted random number pattern data D6 obtained as a result is transmitted to the authentication device 3.

The authentication CPU 31 of the authentication device 3 receives the management determination data D5 and the encrypted random number pattern data D6 supplied from the card terminal management server 4 via the network interface 35. The authentication CPU 31 temporarily stores the management determination data D5 in the internal memory 32, and transmits the encrypted random number pattern data D6 to the card terminal 2 x sequentially through the transmission/reception section 33 and the authentication antenna AT_(cr).

The terminal CPU 21 of the card terminal 2 x receives the encrypted random number pattern data D6 sent back from the authentication device 3, sequentially through the terminal antenna AT_(CD) and the transmission/reception section 23. The terminal CPU 21 then performs a decryption processing on the encrypted random number pattern data D6 by use of key information. The random number generation section 25 generates seed data D7 by back-diffusing the decryption result by the diffusion data D2 b.

Further, if the terminal ID expressed by the seed data D7 agrees with its own terminal ID, the terminal CPU 21 determines that the current communication partner is the authentication device 3. On the other hand, if the terminal ID expressed by the seed data D7 does not agree with its own terminal ID, the terminal CPU 21 determines that the current communication partner is masquerading as the authentication device 3. The terminal CPU 21 transmits this determination result as terminal determination data D8 to the authentication device 3 sequentially through the transmission/reception section 23 and the terminal antenna AT_(CD).

Thus, the authentication CPU 31 of the authentication device 3 relays the various data concerning mutual authentication between the card terminal 2 x and the authentication device 3. Accordingly, the management determination data D5 and the terminal determination data D8 can each be obtained as a mutual authentication processing result.
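The relayed exchange described above, as an added illustration that is not part of the specification: the cipher, the diffusion code, and the way both sides derive diffusion data D2 b from a nonce carried in D1 are all assumptions, since the specification names none of them.

```python
import hashlib
import hmac
import secrets

# Added illustration of the relayed mutual authentication of (1-4). The
# specification names neither the cipher nor the diffusion code, so both
# are stand-ins: "diffusion" XORs the seed with a chip sequence derived from
# the diffusion data, and "encryption" XORs with an HMAC-SHA256 keystream
# under a fresh IV. Diffusion data D2b is assumed to be derived by terminal
# and server alike from the shared key information and a nonce sent in D1.

IV_LEN = 12


def keystream(key: bytes, label: bytes, n: int) -> bytes:
    """Expand (key, label) into n pseudo-random bytes (counter mode over HMAC)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def diffuse(seed: bytes, diffusion: bytes) -> bytes:
    """Spread seed data by diffusion data; applying it twice back-diffuses."""
    return xor(seed, keystream(diffusion, b"chip", len(seed)))


def encrypt(key: bytes, data: bytes) -> bytes:
    iv = secrets.token_bytes(IV_LEN)
    return iv + xor(data, keystream(key, iv, len(data)))


def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    return xor(body, keystream(key, iv, len(body)))


def diffusion_data(key: bytes, nonce: bytes) -> bytes:
    """Diffusion data D2b, computable by terminal and server alike (assumption)."""
    return hmac.new(key, b"D2b" + nonce, hashlib.sha256).digest()


class CardTerminal:
    """Card terminal 2x: own terminal ID (seed data D2a) and shared key information."""

    def __init__(self, terminal_id: bytes, key: bytes):
        self.terminal_id = terminal_id
        self.key = key

    def startup_d1(self) -> bytes:
        self.nonce = secrets.token_bytes(8)   # carried in startup notification D1
        return self.nonce

    def make_d4(self) -> bytes:
        self.d2b = diffusion_data(self.key, self.nonce)
        return encrypt(self.key, diffuse(self.terminal_id, self.d2b))

    def check_d6(self, d6: bytes) -> bool:
        """Decrypt D6, back-diffuse to seed data D7, compare with own ID -> D8."""
        d7 = diffuse(decrypt(self.key, d6), self.d2b)
        return hmac.compare_digest(d7, self.terminal_id)


class ManagementServer:
    """Card terminal management server 4: key information plus a database of IDs."""

    def __init__(self, key: bytes, known_ids):
        self.key = key
        self.known_ids = set(known_ids)

    def handle_d4(self, nonce: bytes, d4: bytes):
        """Return (D5, D6): the database verdict and the re-diffused, re-encrypted ID."""
        d2b = diffusion_data(self.key, nonce)
        terminal_id = diffuse(decrypt(self.key, d4), d2b)
        d5 = terminal_id in self.known_ids
        d6 = encrypt(self.key, diffuse(terminal_id, d2b))
        return d5, d6


def relay_mutual_authentication(terminal: CardTerminal, server: ManagementServer):
    """Authentication device 3 as relay: D1 and D4 go to the server, D6 comes
    back to the terminal. Returns (D5, D8); both must be True for step SP3."""
    d1 = terminal.startup_d1()
    d4 = terminal.make_d4()
    d5, d6 = server.handle_d4(d1, d4)
    d8 = terminal.check_d6(d6)
    return d5, d8


# Constructed sample key information for a stand-alone run.
SAMPLE_KEY = hashlib.sha256(b"constructed shared key information").digest()
```

An unregistered ID yields D5 false while D8 may still be true, and a terminal holding the wrong key information yields both false; the device proceeds only when both are true.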

(1-5) Biological Authentication Processing

Next, the biological authentication processing will be described specifically.

In practice, the authentication CPU 31 receives startup notification data D1 from the card terminal 2 x sequentially through the authentication antenna AT_(cr) and the transmission/reception section 33. Then, the terminal CPU 21 controls the biological information read section LIR through the drive control section 36. Blood vessels inside the fingers of the hand grasping the card terminal 2 x, which is brought near to the approach face 3A (FIGS. 3 and 4), are imaged by the imaging camera CM of the biological information read section LIR (FIGS. 3 and 4).

Further, through the pattern extraction section 37, the authentication CPU 31 performs various processings on a blood vessel image signal S1 obtained as the imaging result. The processings are, for example, an A/D (Analog/Digital) conversion processing, a binarization processing, a blood vessel linearization processing, and a characteristic point extraction processing to extract branch points and the like. The authentication CPU 31 sends data D10 obtained as a result to the authentication section 38.

On the other hand, if the determination results of the terminal determination data D8 and the management determination data D5, which are obtained from the card terminal 2 x and the authentication device 3 as a result of the mutual authentication relay processing, indicate successful authentication of each other, the authentication CPU 31 performs, through the encryption/decryption section 34, a predetermined encryption processing on an authentication encryption key D11 stored in advance in the internal memory 32, by use of a secret key. The authentication CPU 31 transmits the authentication encryption key D11 thus encrypted to the card terminal 2 x sequentially through the transmission/reception section 33 and the authentication antenna AT_(cr).

The terminal CPU 21 of the card terminal 2 x receives the encrypted authentication encryption key D11 sequentially through the transmission/reception section 23 and the terminal antenna AT_(CD). Then, through the encryption/decryption section 24, the terminal CPU 21 performs a predetermined encryption processing on a terminal encryption key D12 stored in advance in the internal memory 22, by use of a secret key. The terminal CPU 21 transmits the encrypted terminal encryption key D12 to the authentication device 3 sequentially through the transmission/reception section 23 and the terminal antenna AT_(CD).

Also, the terminal CPU 21 performs, through the encryption/decryption section 24, a predetermined decryption processing on the authentication encryption key D11 by use of a secret key. Further, the terminal CPU 21 encrypts registered pattern data D13 registered in the EEPROM of the internal memory 22, by use of the decrypted authentication encryption key D11. Simultaneously, the terminal CPU 21 further encrypts the registered pattern data D13 already encrypted by the authentication encryption key D11, by use of the terminal encryption key D12. The terminal CPU 21 transmits the double-encrypted registered pattern data D13 to the authentication device 3 sequentially through the transmission/reception section 23 and the terminal antenna AT_(CD).

The authentication CPU 31 of the authentication device 3 receives the encrypted terminal encryption key D12 sequentially through the authentication antenna AT_(cr) and the transmission/reception section 33. The authentication CPU 31 then performs, through the encryption/decryption section 34, a predetermined decryption processing on the encrypted terminal encryption key D12 by use of a secret key.

The authentication CPU 31 also waits for the double-encrypted registered pattern data D13 which is to be transmitted thereafter from the card terminal 2 x. When the authentication CPU 31 receives the double-encrypted registered pattern data D13, it decrypts the data D13 by use of the decrypted terminal encryption key D12 as well as by use of the authentication encryption key D11 previously stored in the internal memory 32. The authentication CPU 31 further sends the decrypted registered pattern data D13 to the authentication section 38.

Thus, when obtaining the registered pattern data D13 registered in the card terminal 2 x, the authentication CPU 31 exchanges the authentication encryption key D11 and the terminal encryption key D12 with the card terminal 2 x. By use of these encryption keys D11 and D12, the authentication CPU 31 has the card terminal 2 x transmit the registered pattern data D13 in double-encrypted form. Therefore, the authentication CPU 31 securely prevents fraudulent use during transmission of the registered pattern data D13, and so can strengthen security.

The authentication section 38 compares the registered pattern data D13 with the data D10 of the blood vessel formation pattern extracted by the pattern extraction section 37. If the level of agreement between the blood vessel formation patterns expressed by the data D10 and D13 is equal to or higher than a predetermined threshold value, the authentication section 38 determines the target to be the person identical to the registrant. Otherwise, if the level is lower than the threshold value, the target is determined to be a third person.

(1-6) Authentication Processing Procedure

A series of relay processing and biological authentication processing for mutual authentication (hereinafter called a first authentication processing) by the authentication CPU 31 is carried out along the first authentication processing procedure RT1 shown in FIG. 6.

That is, the authentication CPU 31 receives startup notification data D1 from a card terminal 2 x brought close to the approach face 3A. Then, the authentication CPU 31 starts the first authentication processing procedure RT1 in step SP0. In subsequent step SP1, the authentication CPU 31 starts up the biological information read section LIR (FIG. 2), and starts extraction of the blood vessel formation pattern existing in the fingers of the hand grasping the card terminal 2 x.

The authentication CPU 31 further relays mutual authentication between the card terminal 2 x and the card terminal management server 4 in step SP2. In subsequent step SP3, the authentication CPU 31 determines whether or not the mutual authentication is completed successfully, based on the management determination data D5 and the terminal determination data D8 supplied from the card terminal 2 x and the card terminal management server 4.

If the mutual authentication is determined to be completed successfully, the authentication CPU 31 sends its own authentication encryption key D11 (FIG. 5) to the card terminal 2 x in next step SP4. At the same time, the authentication CPU 31 obtains the terminal encryption key D12 (FIG. 5) maintained in the card terminal 2 x from this card terminal 2 x. In subsequent step SP5, the authentication CPU 31 uses the authentication encryption key D11 and the terminal encryption key D12 to decrypt the registered blood vessel formation pattern D13 transmitted in double-encrypted form from the card terminal 2 x.

Further, in next step SP6, the authentication CPU 31 compares the user's blood vessel formation pattern extracted since the startup in step SP1 with the registered blood vessel formation pattern expressed by the registered blood vessel formation pattern D13 decrypted in step SP5. In subsequent step SP7, the authentication CPU 31 determines the presence or absence of the person identical to the registrant, based on the comparison result. Thereafter, the authentication CPU 31 goes to step SP8 and terminates the first authentication processing procedure RT1.

Otherwise, if the mutual authentication is determined to have failed, the authentication CPU 31 goes to step SP8 and terminates the first authentication processing procedure RT1 without executing the processings of steps SP4 to SP7.

Thus, the authentication CPU 31 is configured to be capable of executing the first authentication processing.

(1-7) Operation and Effects of the First Embodiment

With the configuration as described above, the authentication device 3 of the information processing system 1 communicates with the card terminal 2 x which has been brought close to the approach face 3A (FIG. 3) among the plural card terminals 2 i (FIG. 1), and obtains the registered pattern data D13 maintained in the card terminal 2 x.

On the other hand, the authentication device 3 picks up an image of the hand grasping the card terminal 2 x brought close to the approach face 3A, and extracts a blood vessel formation pattern from this imaging result.

Further, the authentication device 3 authenticates, based on these blood vessel formation patterns, whether the user who has brought the card terminal 2 x close to the approach face 3A is the registrant of the registered blood vessel formation pattern maintained in the card terminal 2 x.

Therefore, the authentication device 3 can avoid a processing of reading and comparing blood vessel formation patterns in an arbitrary order from a database in the authentication device 3. Accordingly, the time required for the comparison can be remarkably reduced, compared with another case where all the blood vessel formation patterns stored respectively in the plural card terminals 2 i are registered as a database in the authentication device 3.

In this case, the blood vessel formation pattern is maintained in the card terminal 2 x. Therefore, the authentication device 3 can more securely avoid fraudulent use of blood vessel formation patterns registered in a database, compared with another case where blood vessel formation patterns are registered as a database in the authentication device 3. Accordingly, the reliability of the blood vessel formation pattern can improve.

Also, the authentication device 3 relays mutual authentication between the card terminal 2 x and the card terminal management server 4. If the mutual authentication is determined to be completed successfully, the authentication device 3 executes biological authentication. In this manner, the authentication device 3 can avoid masquerading in which a registered blood vessel formation pattern is fraudulently used and maintained in a counterfeit card terminal. Therefore, security can be much more strengthened.

According to the configurations as described above, the registered blood vessel formation pattern D13 maintained in the card terminal 2 x which has been brought close to the approach face 3A among the plural card terminals 2 i, and another blood vessel formation pattern extracted from the user grasping the card terminal 2 x, are compared with each other. As a result, comparison processings can be lightened compared with a case where all the blood vessel formation patterns respectively stored in the plural card terminals 2 i (FIG. 1) are registered as a database in the authentication device 3. Accordingly, the user's waiting time can be shortened owing to the lightened comparison processings, and thus usability can improve.

(2) Second Embodiment

(2-1) Entire Configuration of an Information Processing System According to the Second Embodiment

In FIG. 7, a reference numeral 51 denotes, as a whole, the information processing system according to the second embodiment, which is constituted by plural terminal devices (hereinafter called ring terminals) 52 i (where i=1, 2, . . . , N) each having a ring-like shape, and an authentication device 53.

The ring terminals 52 i have been respectively distributed to users as targets for whom predetermined services are provided. Each of the ring terminals 52 i maintains an inherent terminal ID as data to identify registered blood vessel formation pattern data registered in the authentication device 53.

On the other hand, the authentication device 53 manages the terminal IDs respectively maintained in the ring terminals 52 i and the registered blood vessel pattern data, which are compiled in a database. Based on the registered blood vessel pattern data, it is determined whether or not a user who is going to receive a service is the person identical to a registrant. Although this information processing system 51 exemplifies a case of placing one authentication device 53, plural authentication devices 53 may be placed at predetermined placement locations.

When a service is provided by this information processing system 51, a user brings a part wearing a ring terminal 52 x (x=1, 2, . . . , or N) near to a predetermined position of the authentication device 53. In this case, the authentication device 53 performs terminal authentication (mutual authentication) with the ring terminal 52 x based on a terminal ID, and obtains a blood vessel formation pattern of the blood vessels existing in the wearing part to which the ring terminal 52 x has been brought close.

If the terminal authentication (mutual authentication) is completed successfully, the authentication device 53 specifies the corresponding registered blood vessel pattern data from the database, based on the terminal ID of the ring terminal 52 x. The authentication device 53 compares the blood vessel formation pattern expressed by the specified registered blood vessel pattern data with the blood vessel formation pattern obtained from the user, thereby determining the presence or absence of the person identical to the registrant.

Thus, in this information processing system 51, if only the ring terminal 52 x is brought close to the authentication device 53, the authentication device 53 automatically obtains the blood vessel formation pattern of the user who wears the ring terminal 52 x at this time, and compares this pattern with the blood vessel formation pattern maintained in the database.

In this case, the authentication device 53 performs the comparison after specifying the corresponding registered blood vessel formation pattern among the plural blood vessel formation patterns registered in the database, based on the terminal ID used for the terminal authentication (mutual authentication). Therefore, the processing load can be remarkably reduced compared with another case of reading and comparing blood vessel formation patterns one after another in an arbitrary order from a database. As a result, user waiting time can be remarkably reduced.

In this information processing system 51, a management mechanism for registered blood vessel pattern data is provided in the authentication device 53, and data (a terminal ID) for identifying the corresponding registered blood vessel pattern data among the managed registered blood vessel pattern data is registered in the card terminals 52 i. In this respect, this system differs from the information processing system 1 (FIG. 1), in which registered blood vessel formation pattern data are registered in the individual card terminals 2 i without providing a management function for the registered blood vessel pattern data.

Therefore, this information processing system 51 has a relatively high possibility of fraudulent use of the registered blood vessel pattern data in the database by the manager of the authentication device 53, compared with the information processing system 1. On the contrary, the possibility of fraudulent use of registered blood vessel pattern data from the card terminals 52 i is certainly zero.

The information processing system 51 has a style in which the terminal authentication function and the biological authentication function are both entrusted to the authentication device 53. This style is particularly useful in case of constructing a relatively small-scale system such as a SOHO, compared with the style of the information processing system 1 (FIG. 1), in which the terminal authentication function and the biological authentication function are separately entrusted to the card terminal management server 4 and the authentication device 3, respectively.

(2-2) Structures of the Ring Terminal and the Authentication Device

The structures of the ring terminal 52 x and the authentication device 53 will now be described. As shown in FIG. 8, in which parts corresponding to parts in the first embodiment are denoted by the same reference symbols, the ring terminal 52 x is constituted by a ring portion 54 and an ornament portion 55 provided on the outer circumferential surface of the ring portion 54. The ring portion 54 allows the ring terminal 52 x to be attached to and detached from a finger.

Inside the ring portion 54, a terminal antenna AT_(CD) having a shape corresponding to the shape of the ring portion 54 is contained. On the inner circumferential surface of the ring portion 54, plural near infrared light sources LS (LS_(A) to LS_(D)) are provided near the ornament portion 55. The terminal antenna AT_(CD) and the near infrared light sources LS are connected to a terminal signal processing section IC_(CD) 2 contained in the ornament portion 55.

When an electromagnetic induction signal supplied from the authentication device 53 is received through the terminal antenna AT_(CD), the terminal signal processing section IC_(CD) 2 starts up, using as a drive voltage the voltage induced in response to the received signal. The terminal signal processing section IC_(CD) 2 exchanges various data with the authentication device 53 by use of a terminal ID maintained in advance, to perform mutual authentication, and is configured to be able to drive and control the near infrared light sources LS. Specific contents of the processings of the terminal signal processing section IC_(CD) 2 will be described later.

Meanwhile, the authentication device 53 has the same structure as the authentication device 3 in the first embodiment except for the following points. One of the points is that the near infrared light source LS provided on the approach face 3A is omitted (although substitutes are provided on the terminal side), compared with the authentication device 3 in the first embodiment. The other point is that an authentication signal processing section IC_(cr) 2 is provided in place of the authentication signal processing section IC_(cr) 1.

More specifically, the authentication signal processing section IC_(cr) 2 differs in that a mutual authentication processing to perform mutual authentication directly with the ring terminal 52 x is provided in place of the mutual authentication relay processing in the authentication signal processing section IC_(cr) 1. Another difference is that a biological authentication processing (hereinafter called a double biological authentication processing) to determine the presence or absence of the person identical to a registrant by use of two methods is provided in place of the biological authentication processing in the authentication signal processing section IC_(cr) 1.

The mutual authentication processing and the double biological authentication processing mentioned above will now be described in detail with reference to FIG. 11, in which parts corresponding to parts in FIG. 5 are denoted by the same reference symbols.

(2-3) Mutual Authentication Processing

When an electromagnetic induction signal supplied from the authentication device 3 is received through the terminal antenna AT_(CD), the terminal CPU 61 of the ring terminal 52 x starts up, using as a drive voltage the voltage induced in response to the received signal. As has been described in the first embodiment, the terminal CPU 61 transmits startup notification data D1 to the authentication device 53 sequentially through the terminal antenna AT_(CD) and the transmission/reception section 23. Thereafter, the terminal CPU 61 generates encrypted random number pattern data D4 and transmits the data D4 to the authentication device 53.

An authentication CPU 71 in the authentication device 3 receives the startup notification data D1 supplied from the ring terminal 52 x, sequentially through the authentication antenna AT_(cr) and the transmission/reception section 33. Thereafter, the authentication CPU 71 waits for the encrypted random number pattern data D4 supplied from the ring terminal 52 x.

When the encrypted random number pattern data D4 is received, the authentication CPU 71 performs, through the encryption/decryption section 34, a predetermined decryption processing thereon by use of the same key information as the card terminal 2 x maintained in advance. Thereafter, through a random number generation section 72, the authentication CPU 71 performs a back-diffusion processing on the decryption result, and as a result obtains the terminal ID (seed data D2 a) of the ring terminal 52 x.

In this state, if this terminal ID is found in the database of a hard disk 73, the authentication CPU 71 determines the current communication partner to be the ring terminal 52 x. Otherwise, if the terminal ID does not exist in the database, the authentication CPU 71 determines the current communication partner to be masquerading as the ring terminal 52 x, and temporarily stores the determination result as management determination data D5 in the internal memory 32.

Also, the authentication CPU 71 diffuses, through the random number generation section 72, the terminal ID again by diffusion data corresponding to the diffusion data D2 b in the ring terminal 52 x. Thereafter, the authentication CPU 71 performs, through the encryption/decryption section 34, an encryption processing on the diffusion result by use of key information. The authentication CPU 71 then transmits the encrypted random number pattern data D6 obtained as a result of the encryption processing to the ring terminal 52 x sequentially through the transmission/reception section 33 and the authentication antenna AT_(cr).

The terminal CPU 61 of the ring terminal 52 x performs various processings on the encrypted random number pattern data D6, as in the first embodiment. If the terminal ID expressed by the seed data D7 obtained as a result agrees with the own terminal ID of the ring terminal 52 x, the terminal CPU 61 determines the current communication partner to be the authentication device 53. Otherwise, if the terminal ID does not agree with the own terminal ID, the terminal CPU 61 determines the current communication partner to be masquerading as the authentication device 53. The terminal CPU 61 transmits the determination result as terminal determination data D8 to the authentication device 53 sequentially through the transmission/reception section 23 and the terminal antenna AT_(CD).

Thus, the authentication CPU 71 of the authentication device 53 can obtain the management determination data D5 and the terminal determination data D8 each as a result of the terminal authentication (mutual authentication) with the ring terminal 52 x.

(2-4) Biological Authentication Processing

Next, the double biological authentication processing will be described.

In practice, when startup notification data D1 supplied from the ring terminal 52 x is received, the authentication CPU 71 generates seed data D20 a and diffusion data D20 b. Further, through the encryption/decryption section 34, the authentication CPU 71 performs a predetermined encryption processing on the seed data D20 a and the diffusion data D20 b by use of key information maintained in advance. The authentication CPU 71 transmits the encrypted seed data D20 a and diffusion data D20 b to the ring terminal 52 x sequentially through the transmission/reception section 33 and the authentication antenna AT_(cr).

On the other hand, the terminal CPU 61 of the ring terminal 52 x receives the encrypted seed data D20 a and diffusion data D20 b sequentially through the terminal antenna AT_(CD) and the transmission/reception section 23. Then, through the encryption/decryption section 24, the terminal CPU 61 performs a decryption processing on the encrypted seed data D20 a and diffusion data D20 b.

Further, the terminal CPU 61 diffuses the seed data D20 a by the diffusion data D20 b, through the random number generation section 25, to generate data D21 of a flicker pattern (hereinafter called flicker pattern data) consisting of “1” and “0” respectively indicating lighting ON and OFF of the near infrared light sources LS.

In this state, through a light source drive section 62, the terminal CPU 61 causes the near infrared light sources LS to flicker based on the flicker pattern data D21. Simultaneously, through the encryption/decryption section 24, the terminal CPU 61 performs an encryption processing on the flicker pattern data D21 by use of a secret key, and transmits the encrypted flicker pattern data D21 to the authentication device 53 sequentially through the transmission/reception section 23 and the terminal antenna AT_(CD).

When the encrypted flicker pattern data D21 is received from the ring terminal 52 x sequentially through the authentication antenna AT_(cr) and the transmission/reception section 33, the authentication CPU 71 decrypts the encrypted flicker pattern data D21 by means of the encryption/decryption section 34, and sends the flicker pattern data D21 obtained as a result to a flicker pattern comparison section 76.

The authentication CPU 71 also controls the imaging camera CM to pick up an image of the blood vessels inside the finger wearing the ring terminal 52 x, which has been brought close to the approach face 3A (FIG. 10) at this time.

In this embodiment, the hand wearing the ring terminal 52 x and the approach face 3A are configured to be situated close to each other with a predetermined positional relationship kept therebetween. For example, as shown in FIG. 10, the ring terminal 52 x is put on such that the ornament portion 55 is opposed to the back of a predetermined finger. The ring terminal 52 x and the approach face 3A approach each other with the finger pad of the predetermined finger kept parallel to the approach face 3A and opposed from a predetermined direction DR.

Alternatively, the hand may be actively moved close to the approach face 3A, or passively moved by a member (not shown) to locate the hand at a predetermined position.

When the hand wearing the ring terminal 52 x is thus put close to the approach face 3A, near infrared light emitted from the near infrared light sources LS of the ring terminal 52 x is irradiated on the finger wearing the ring terminal 52 x, as indicated by the broken lines in FIG. 12. The near infrared light is absorbed by hemoglobin flowing in the blood vessels existing in the finger, and is scattered and reflected by tissue other than the blood vessels. The light then goes out of the finger. This outgoing near infrared light is obtained as blood vessel projection light. The blood vessel projection light runs from the open window OW sequentially through the imaging lens 10 a of the imaging camera CM, a diaphragm (not shown), and the near infrared light pass filter 10 b, and enters the solid state imaging element 10 c. This light is sent as a blood vessel image signal S10 j (j=1, 2, . . . , m) to a luminance pattern generation section 74 and a pattern extraction section 75.

The luminance pattern generation section 74 detects changes in the state of luminance in the blood vessel image signal S10 j. The state of brightness in the blood vessel image signal S10 j corresponds to the flicker pattern of the near infrared light sources LS: a dark state is given when the near infrared light sources LS are turned off, and a bright state is given when the near infrared light sources LS are turned on.

Further, based on the detection result described above, the luminance pattern generation section 74 generates pattern data (hereinafter called luminance pattern data) D30 consisting of “1” and “0” respectively indicative of a bright state, in which the luminance of the blood vessel image signal S10 j is high, and a dark state, in which the luminance is low. The luminance pattern generation section 74 sends the data D30 to the pattern extraction section 75 and the flicker pattern comparison section 76.

The pattern extraction section 75 performs various processings such as an A/D (Analog/Digital) conversion processing, a blood vessel linearization processing, and the like, on the blood vessel image signal S10 j supplied from the imaging camera CM. Thereafter, the pattern extraction section 75 performs a binarization processing thereon to generate data of a binary blood vessel image.

Based on the luminance pattern data D30 supplied from the luminance pattern generation section 76, the pattern extraction section 75 further selects one binary blood vessel image corresponding to a turned-off state of the near infrared light sources LS. From the binary blood vessel image, the pattern extraction section 75 extracts characteristic points such as branch points and the like, and sends data D10 of the blood vessel formation pattern obtained as a result to the authentication section 77.

The flicker pattern comparison section 76 compares the flicker pattern data D21 supplied from the ring terminal 52 x with the state of the luminance pattern data D30 supplied from the luminance pattern generation section 74 (the array state of “1” and “0”), thereby detecting crafty masquerading such as, for example, irradiating near infrared light on a film of a blood vessel formation pattern.

Further, if this comparison results in agreement, the flicker pattern comparison section 76 determines that no masquerading has been conducted. Otherwise, if the comparison results in disagreement, the flicker pattern comparison section 76 determines that masquerading has been conducted. The flicker pattern comparison section 76 sends this determination result as flicker pattern determination data D31 to the authentication section 77.
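The flicker check of (2-4) from D20 a and D20 b through D21, D30 and D31, as an added example rather than anything from the specification: the spreading of D20 a by D20 b, the brightness threshold and the frame contents are assumptions, constructed so the block runs offline.

```python
import hashlib
import hmac

# Added illustration of the flicker-pattern liveness check of (2-4). The
# specification fixes neither the spreading code nor the luminance threshold,
# so the flicker pattern D21 is taken here as the leading bits of
# HMAC-SHA256(D20b, D20a), and a frame counts as "bright" when its mean pixel
# value exceeds a constant. Frames are constructed lists of 8-bit pixel values.

BRIGHT_THRESHOLD = 100


def flicker_pattern(seed_d20a: bytes, diffusion_d20b: bytes, n_frames: int) -> list:
    """Flicker pattern data D21: one bit per frame, 1 = sources LS on, 0 = off."""
    digest = hmac.new(diffusion_d20b, seed_d20a, hashlib.sha256).digest()
    bits = [(byte >> (7 - k)) & 1 for byte in digest for k in range(8)]
    if n_frames > len(bits):
        raise ValueError("patterns longer than one digest are not supported here")
    return bits[:n_frames]


def luminance_pattern(frames: list, threshold: int = BRIGHT_THRESHOLD) -> list:
    """Luminance pattern data D30 derived from the image signals S10_j (section 74)."""
    return [1 if sum(frame) / len(frame) > threshold else 0 for frame in frames]


def flicker_determination(d21: list, d30: list) -> bool:
    """Flicker pattern determination data D31: True when no masquerading is detected."""
    return len(d21) == len(d30) and d21 == d30


def select_off_frame(frames: list, d30: list):
    """The frame captured with the sources off, which section 75 uses for extraction."""
    for frame, bright in zip(frames, d30):
        if bright == 0:
            return frame
    return None


def simulate_finger_frames(d21: list, vessel_mask=(0, 1, 0, 0, 1, 0, 0, 0)) -> list:
    """Constructed live finger: lit tissue ~180, vessel pixels absorb to ~90, unlit ~20."""
    frames = []
    for bit in d21:
        if bit:
            frames.append([90 if v else 180 for v in vessel_mask])
        else:
            frames.append([20] * len(vessel_mask))
    return frames


def static_film_frames(n_frames: int, width: int = 8) -> list:
    """Constructed masquerading case from the text: a separately lit film has
    constant brightness and cannot follow the ring's flicker pattern."""
    return [[170] * width for _ in range(n_frames)]


def double_check(d21: list, frames: list):
    """Return (D31, off_frame): the liveness verdict and, when live, the frame
    from which the blood vessel formation pattern D10 would be extracted."""
    d30 = luminance_pattern(frames)
    d31 = flicker_determination(d21, d30)
    return d31, (select_off_frame(frames, d30) if d31 else None)
```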

On the other side, if determination results of the terminaldetermination data D8 and the management determination data D5 which areobtained from mutual authentication with the ring terminal 52 x expresssuccessful authentication of each other, the authentication CPU 71performs, through the encryption/decryption section 34, a predeterminedencryption processing on an authentication encryption key D11 stored inadvance in the internal memory 32, by use of a secret key. Theauthentication CPU 71 transmits the authentication encryption key D11thus encrypted, to the ring terminal 52 x sequentially through thetransmission/reception section 33 and authentication antenna AT_(cr).

The terminal CPU 61 of the ring terminal 52 x receives the encryptedauthentication encryption key D11 sequentially through thetransmission/reception section 23 and the terminal antenna AT_(CD).Then, through the encryption/decryption section 24, the terminal CPU 61performs a predetermined encryption processing on a terminal encryptionkey D12 stored in advance in the internal memory 22, by use of a secretkey. The terminal CPU 21 transmits the encrypted terminal encryption keyD12 to the authentication device 53 sequentially through thetransmission/reception section 23 and the terminal antenna AT_(CD).

Also, the terminal CPU 61 performs, through the encryption/decryption section 24, a predetermined decryption processing on the authentication encryption key D11, by use of a secret key. Further, the terminal CPU 61 encrypts the terminal ID registered in the EEPROM in the internal memory 22 by use of the decrypted authentication encryption key D11, and then encrypts the result a second time by use of the terminal encryption key D12. The terminal CPU 61 transmits the terminal ID thus double-encrypted to the authentication device 53 sequentially through the transmission/reception section 23 and the terminal antenna AT_(CD).

The authentication CPU 71 of the authentication device 53 receives theencrypted terminal encryption key D12 sequentially through theauthentication antenna AT_(cr) and the transmission/reception section33. The authentication CPU 71 then performs, through theencryption/decryption section 34, a predetermined decryption processingon the encrypted terminal encryption key D12 by use of a secret key.

The authentication CPU 71 also waits for the double-encrypted terminal ID that the ring terminal 52 x transmits thereafter. On receiving it, the authentication CPU 71 removes both layers of encryption, using the decrypted terminal encryption key D12 and the authentication encryption key D11 stored in advance in the internal memory 32, and sends the decrypted terminal ID to the authentication section 77.

Thus, the authentication section 77 is inputted with each of theterminal ID, the flicker pattern determination data D31 supplied fromthe flicker pattern comparison section 76, and the data D10 of a bloodvessel formation pattern supplied from the pattern extraction section75.

If the determination result of the flicker pattern determination dataD31 indicates that there is no masquerading, the authentication section77 searches the database for registered blood vessel formation patterndata corresponding to the terminal ID, and reads the registered bloodvessel formation pattern data RD corresponding to the terminal ID, fromthe hard disk 73.

The authentication section 77 then determines whether the user is the registrant, based on the registered blood vessel formation pattern data RD read from the hard disk 73 and the data D10 of the blood vessel formation pattern supplied from the pattern extraction section 75.
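The key transport and double encryption of the terminal ID described above, modelled in Python as an added example. This code is not part of the patent: the page specifies only "a predetermined encryption processing ... by use of a secret key", so the cipher (XOR with a SHAKE-256 keystream plus an HMAC-SHA256 tag), the pre-provisioned shared secret, and the names AuthenticationDevice, RingTerminal, seal and open_sealed are assumptions of the example.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHAKE-256 keystream derived from key and nonce. Stands in
    for the page's unspecified "predetermined encryption processing" (assumption);
    the same call encrypts and decrypts."""
    keystream = hashlib.shake_256(b"keystream|" + key + b"|" + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def seal(key: bytes, data: bytes) -> bytes:
    """nonce || ciphertext || HMAC-SHA256(nonce || ciphertext). The page does not say
    whether its processing is authenticated; the tag is added here because a bare
    stream cipher lets an attacker flip bits of the terminal ID in transit unnoticed."""
    nonce = os.urandom(NONCE_LEN)
    ct = stream_xor(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Check the tag, then decrypt; any alteration or wrong key raises ValueError."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: message altered or wrong key")
    return stream_xor(key, nonce, ct)


class AuthenticationDevice:
    """Authentication device 53: holds D11 (internal memory 32), learns D12."""

    def __init__(self, shared_secret: bytes):
        self.shared_secret = shared_secret     # the "secret key" both sides hold
        self.d11 = os.urandom(32)              # authentication encryption key D11
        self.d12 = None                        # terminal encryption key, learned later

    def send_d11(self) -> bytes:
        return seal(self.shared_secret, self.d11)

    def receive_d12(self, blob: bytes) -> None:
        self.d12 = open_sealed(self.shared_secret, blob)

    def recover_terminal_id(self, double_encrypted_id: bytes) -> bytes:
        inner = open_sealed(self.d12, double_encrypted_id)   # outer layer: D12
        return open_sealed(self.d11, inner)                  # inner layer: D11


class RingTerminal:
    """Ring terminal 52x: holds D12 and the terminal ID (internal memory 22), learns D11."""

    def __init__(self, shared_secret: bytes, terminal_id: bytes):
        self.shared_secret = shared_secret
        self.terminal_id = terminal_id
        self.d12 = os.urandom(32)              # terminal encryption key D12
        self.d11 = None

    def receive_d11(self, blob: bytes) -> None:
        self.d11 = open_sealed(self.shared_secret, blob)

    def send_d12(self) -> bytes:
        return seal(self.shared_secret, self.d12)

    def send_terminal_id(self) -> bytes:
        return seal(self.d12, seal(self.d11, self.terminal_id))   # D11 first, then D12


def exchange(terminal_id: bytes):
    """Run the four messages in the page's order; return the device, the ring and
    the double-encrypted terminal ID as sent over the air."""
    shared = os.urandom(32)                    # provisioned out of band (assumption)
    device, ring = AuthenticationDevice(shared), RingTerminal(shared, terminal_id)
    ring.receive_d11(device.send_d11())        # D11, encrypted under the shared secret
    device.receive_d12(ring.send_d12())        # D12, encrypted under the shared secret
    return device, ring, ring.send_terminal_id()


def run_exchange(terminal_id: bytes = b"RING-0001") -> bytes:
    """What the authentication device recovers from an untouched exchange."""
    device, _, blob = exchange(terminal_id)
    return device.recover_terminal_id(blob)


def tampering_is_detected(terminal_id: bytes = b"RING-0001") -> bool:
    """Flip one byte of the double-encrypted ID in transit; the device must reject it."""
    device, _, blob = exchange(terminal_id)
    altered = bytearray(blob)
    altered[NONCE_LEN] ^= 0x01                 # first byte of the outer ciphertext
    try:
        device.recover_terminal_id(bytes(altered))
    except ValueError:
        return True
    return False
```

The double encryption only binds the terminal ID to both keys if the two key-transport messages themselves cannot be substituted; in this model that rests entirely on the shared secret, which is why the example refuses to decrypt anything whose tag does not verify.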

(2-5) Authentication Processing Procedure

A series of mutual authentication processing and double biologicalauthentication processing (hereinafter called a second authenticationprocessing) by the authentication CPU 71 is carried out along the secondauthentication processing procedure RT2 shown in FIG. 13.

That is, the authentication CPU 71 receives startup notification data D1(FIG. 11) from a ring terminal 52 x brought close to the approach face3A. Then, the authentication CPU 71 starts the second authenticationprocessing procedure RT2 in step SP10. In subsequent step SP11, theauthentication CPU 71 executes a mutual authentication processing withthe ring terminal 52 x. In further subsequent step SP12, theauthentication CPU 71 determines whether mutual authentication iscompleted successfully, based on management determination data D5obtained as a result of the mutual authentication processing and on theterminal determination data D8.

If the mutual authentication is determined to be completed successfully,the authentication CPU 71 transmits predetermined seed data D20 a anddiffusion data D20 b (FIG. 11) in encrypted form to the ring terminal 52x, in next step SP13. In this case, the ring terminal 52 x generatesflicker pattern data D21 (FIG. 11), based on the seed data D20 a anddiffusion data D20 b. The flicker pattern data D21 is sent, in theencrypted form, to the authentication device 53, and the near infraredlight sources LS (FIG. 12) are flickered based on the flicker patterndata D21.

Next, in step SP14, the authentication CPU 71 starts up the imagingcamera CM (FIG. 12), and extracts a blood vessel formation patternexisting inside a finger of the hand wearing the ring terminal 52 x,based on an imaging result (blood vessel image signal S10 j) of theimaging camera CM.

In next step SP15, the authentication CPU 71 further compares a flickerpattern expressed by the flicker pattern data D21 transmitted from thering terminal 52 x with the luminance pattern of the blood vessel imagesignal S10 j picked up by the imaging camera CM. In subsequent stepSP16, if the flicker pattern and the luminance pattern are determined toagree with each other, the procedure goes to step SP17.

In this step SP17, the authentication CPU 71 specifies, from a database,registered blood vessel formation pattern data RD which has beenassociated with the terminal ID of the ring terminal 52 x obtained atthe time of mutual authentication in step SP11. The authentication CPU71 reads the registered blood vessel formation pattern data RDcorresponding to the terminal ID, from the hard disk 73.

Further, in next step SP18, the authentication CPU 71 compares a bloodvessel formation pattern expressed by the registered blood vesselformation pattern data RD with another blood vessel formation patternextracted from the user in step SP14. In subsequent step SP19, theauthentication CPU 71 determines presence or absence of the personidentical to the registrant, based on the comparison result. Thereafter,the authentication CPU 71 goes to a next step SP20 and terminates thesecond authentication processing procedure RT2.

Otherwise, if the mutual authentication is determined to have failed in step SP12, or if the flicker pattern and the luminance pattern are determined to disagree in step SP16, the access is treated as coming from a third person other than the registrant. The authentication CPU 71 therefore goes to step SP20 and terminates the second authentication processing procedure RT2 without performing the determination of step SP19.

The authentication CPU 71 is configured to execute the secondauthentication processing procedure RT2 in the above-described manner.
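Steps SP13 to SP19 of the procedure RT2, together with the flicker check of section (2-4), as an added Python example that is not part of the patent. How the flicker pattern data D21 is derived from the seed data D20a and diffusion data D20b, the luminance threshold, the camera model in capture, the bit-vector representation of blood vessel patterns, the match tolerance and the constructed REGISTERED_DB standing in for the hard disk 73 are all assumptions of the example.

```python
import hashlib

LUMINANCE_THRESHOLD = 100   # binarisation threshold for the mean frame luminance (assumption)
MATCH_TOLERANCE = 2         # maximum differing bits for a registrant decision (assumption)


def flicker_pattern(seed: bytes, diffusion: bytes, n_frames: int) -> list:
    """Flicker pattern data D21: one on/off bit per frame, derived from seed data
    D20a and diffusion data D20b. The page leaves the derivation unspecified; a
    SHAKE-256 keystream over both values is used here as an assumption."""
    stream = hashlib.shake_256(b"flicker|" + seed + b"|" + diffusion).digest((n_frames + 7) // 8)
    return [(stream[i // 8] >> (i % 8)) & 1 for i in range(n_frames)]


def luminance_pattern(frames: list) -> list:
    """Luminance pattern data D30: 1 where a frame's mean luminance is at or above
    the threshold, 0 otherwise (each frame is a list of pixel values)."""
    return [1 if sum(f) / len(f) >= LUMINANCE_THRESHOLD else 0 for f in frames]


def capture(light_on: list, live: bool = True, pixels: int = 64) -> list:
    """Constructed imaging result S10j. A live hand lit only by the ring's sources is
    bright exactly when the sources are on; a film irradiated by the attacker's own
    steady near infrared lamp is bright in every frame regardless of the ring."""
    return [[200 if (on or not live) else 30] * pixels for on in light_on]


def hamming(a: list, b: list) -> int:
    return sum(x != y for x, y in zip(a, b))


def bits(s: str) -> list:
    return [int(c) for c in s]


# Constructed contents of the hard disk 73: terminal ID -> registered pattern RD.
REGISTERED_DB = {
    b"RING-0001": bits("110010111001010011101001"),
    b"RING-0002": bits("001101000110101100010110"),
}


def authenticate(terminal_id: bytes, seed: bytes, diffusion: bytes,
                 frames: list, extracted: list, db: dict = REGISTERED_DB) -> str:
    """Steps SP15 to SP19 of procedure RT2, after a successful mutual authentication
    has yielded terminal_id. `extracted` is the pattern obtained in SP14."""
    # SP15/SP16: the ring's flicker pattern must show up in the camera's luminance.
    if flicker_pattern(seed, diffusion, len(frames)) != luminance_pattern(frames):
        return "masquerade"             # go to SP20 without touching the database
    # SP17: direct lookup by terminal ID instead of scanning every registered pattern.
    template = db.get(terminal_id)
    if template is None:
        return "unknown_terminal"
    # SP18/SP19: compare the registered pattern RD with the pattern extracted in SP14.
    return "registrant" if hamming(template, extracted) <= MATCH_TOLERANCE else "not_registrant"
```

The order of the checks is the security-relevant part: a failed flicker comparison ends the procedure before any registered pattern is read, so a film-based attempt never reaches the matcher and cannot be used to probe the database.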

(2-6) Operation and Effects of the Second Embodiment

With the configuration as described above, the authentication device 53of the information processing system 51 communicates with the ringterminal 52 x which has been brought close to the approach face 3A (FIG.10) among plural ring terminals 52 i (FIG. 7), and performs mutualauthentication therewith, to obtain a terminal ID maintained in the ringterminal 52 x.

If the mutual authentication is completed successfully, theauthentication device 53 compares a blood vessel formation patternexpressed by registered blood vessel formation pattern data RDcorresponding to the terminal ID with another blood vessel formationpattern extracted from the blood vessel image signal S10 j, to determinepresence or absence of a registrant.

Therefore, the authentication device 53 can avoid reading blood vessel formation patterns from the database and comparing them one after another in arbitrary order, as the authentication device 3 of the first embodiment does. Accordingly, the comparison time can be remarkably reduced.

While performing the mutual authentication, the authentication device 53 flickers the near infrared light sources LS of the ring terminal 52 x according to a predetermined flicker pattern, irradiates the hand wearing the ring terminal 52 x brought close to the approach face 3A, and picks up an image of the hand. Further, if the mutual authentication is completed successfully, the authentication device 53 compares the flicker pattern used to drive the near infrared light sources LS with the luminance pattern of the blood vessel image signal S10 j obtained as an imaging result. Only if this comparison agrees does the authentication device 53 determine presence or absence of a registrant based on blood vessel formation patterns.

Therefore, the authentication device 53 checks for masquerading by a third person as the registrant from two independent viewpoints, the flicker check and the blood vessel pattern comparison, and so can defeat more elaborate masquerading. Hence, security can be strengthened further.

According to the configurations as described above, correspondingregistered blood vessel formation pattern data RD is specified amongplural registered blood vessel formation pattern data, using theterminal ID obtained by mutual authentication as an identifier ofregistered blood vessel formation pattern data. Based on a blood vesselformation pattern expressed by the registered blood vessel formationpattern data RD and another blood vessel formation pattern extractedfrom the blood vessel image signal S10 j, presence or absence of aregistrant is determined. As a result of this, a processing of readingand comparing blood vessel formation patterns in an arbitrary order froma database can be avoided, so that steps of the comparison processingcan be reduced. User's waiting time can be shortened by a lengthequivalent to the reduced steps of the comparison processing. Thus,usability can improve.

(3) Other Embodiments

In the foregoing first embodiment, registered blood vessel formationpattern data are registered in the terminal side (card terminals 2 i).In the second embodiment, registered blood vessel formation pattern dataare registered in the authentication side (authentication device 53).These embodiments have been described with reference to a case in which,when a registered blood vessel formation pattern and another bloodvessel formation pattern extracted from a user agree with each other,the user is determined to be a registrant. The present invention,however, is not limited to this case but may be configured as follows.As shown in FIG. 14 in which parts corresponding to those in FIGS. 2 and5 are denoted by the same reference symbols, registered blood vesselformation pattern data may be registered in both of the terminal 102 xand the terminal management server 104 which manages terminal IDs. Auser may be determined to be a registrant when three blood vesselformation patterns, i.e., the two registered blood vessel formationpatterns and another blood vessel formation pattern extracted from auser by the authentication device 103 agree with one another.

In the information processing system 101 shown in FIG. 14, it isdifficult for a third person to steal each of the blood vessel formationpattern data registered in different locations from one another. Even ifone of the registered blood vessel formation pattern data is replacedwith other data of a third person, this replacement can be detected, andas a result, security can improve much more.

The terminal device 102 x may have either a card-like shape or aring-like shape or may have any other shape. As far as the terminaldevice 102 x is portable, other various shapes are applicable to theterminal device 102 x. In addition, the near infrared light source LSmay be provided on the authentication side as shown in the firstembodiment or on the terminal side as shown in the second embodiment.

An authentication processing procedure of the authentication device 103described above will now be described with reference to the flowchartshown in FIG. 15.

That is, an authentication CPU 131 receives startup notification data D1from a terminal device 102 x which has been brought close to theapproach face 3A. Then, the authentication CPU 131 starts the thirdauthentication processing procedure RT3 in subsequent step SP20, andstarts up the imaging camera CM (FIG. 2), in subsequent step SP21. Atthis time, the CPU 131 starts extraction of a blood vessel formationpattern existing in the hand (or finger) grasping or wearing thisterminal device 102 x.

Further, in step SP22, the authentication CPU 131 relays mutualauthentication between the terminal device 102 x and the terminalmanagement server 104. In subsequent step SP23, the authentication CPU131 determines whether the mutual authentication is completedsuccessfully, based on management determination data D5 supplied fromthe terminal device 102 x and the terminal management server 104, and onterminal determination data D8.

If this mutual authentication is determined to be completedsuccessfully, the authentication CPU 131 transmits its ownauthentication encryption key D11 (FIG. 5) to the terminal device 102 xin next step SP24. Simultaneously, the authentication CPU 131 obtains aterminal encryption key D12 (FIG. 5) maintained in the terminal device102 x from the terminal device 102 x. In subsequent step SP25, theauthentication CPU 131 decrypts registered blood vessel formationpattern data D13 transmitted in double encrypted form from the terminaldevice 102 x, by use of the authentication encryption key D11 and theterminal encryption key D12.

In step SP26, the authentication CPU 131 also mutually exchanges encryption keys with the terminal management server 104, which manages correspondences between terminal IDs and registered blood vessel formation patterns in the form of a database, in the same way as in steps SP24 and SP25. The authentication CPU 131 uses the encryption key of the terminal management server 104 and the authentication encryption key D11 of the authentication device 103 to decrypt the registered blood vessel formation pattern data D13 transmitted in double encrypted form. In this respect, the registered blood vessel formation pattern data D13 is the one corresponding to the terminal ID used at the time of mutual authentication, among the plural registered blood vessel formation patterns registered in the terminal management server 104.

Further, in next step SP27, the authentication CPU 131 compares with one another the user's blood vessel formation pattern PT1 (FIG. 14) whose extraction was started in step SP21, the blood vessel formation pattern PT2 (FIG. 14) expressed by the registered blood vessel formation pattern data D13 obtained from the terminal device 102 x in step SP25, and the blood vessel formation pattern PT3 (FIG. 14) expressed by the other registered blood vessel formation pattern data D13 obtained from the terminal management server 104 in step SP26. In subsequent step SP28, the authentication CPU 131 determines presence or absence of the person identical to the registrant, based on the comparison result. Thereafter, the authentication CPU 131 goes to step SP29 and terminates the third authentication processing procedure RT3.

Meanwhile, if the mutual authentication is determined to have failed instep SP23, the authentication CPU 131 goes to step SP29 withoutexecuting various processings of steps SP24 to SP28 described above. Theauthentication CPU 131 then terminates the third authenticationprocessing procedure RT3.

Thus, the authentication device 103 can determine presence or absence ofthe person identical to the registrant, based on registered blood vesselformation pattern data registered in the terminal device 102 x and theterminal management server 104 and on the blood vessel formation patternextracted from the user by the authentication device 103.

The function to determine presence or absence of a registrant may beprovided in the terminal management server 104. Even then, biologicalauthentication among three pieces of data can be realized in the samemanner as in the third authentication processing procedure RT3 describedabove, if registered blood vessel formation pattern registered in theterminal device 102 x and the terminal management server 104, and theblood vessel formation pattern extracted from the user by theauthentication device 103 are collected in the terminal managementserver 104.

In another example, registered blood vessel formation pattern data areregistered in the terminal device 102 x and the terminal managementserver 104 as registration targets, as shown in FIG. 16 in which partscorresponding to those in FIG. 14 are denoted at the same referencesymbols. A hash value generated from data of processing steps up togeneration of registered blood vessel formation pattern data isregistered in the terminal management server 104 having a managementfunction, with a correspondence established between the hash value andthe registered blood vessel formation pattern data.

Further, the authentication device 103 obtains registered blood vesselformation pattern data registered in the terminal device 102 x and theterminal management server 104, and compares blood vessel formationpatterns PT2 and PT3 expressed by the registered blood vessel formationpattern data with each other. On the other side, the authenticationdevice 103 obtains a hash value H1 corresponding to the registered bloodvessel formation pattern data obtained from the terminal managementserver 104, and compares the hash value H1 with another hash value H2generated from data of processing steps up to generation of data of theblood vessel formation pattern extracted from the user.

In this manner, a third person cannot achieve masquerading merely by stealing registered blood vessel formation pattern data: the third person would also have to know the hash value generation algorithm and from which processing step the data used to generate the hash value H2 is taken. Therefore, security can improve much more.

Also, because the hash values are far smaller than the pattern data, the load of the comparison processing is reduced accordingly compared with comparing registered blood vessel formation pattern data with a blood vessel formation pattern extracted from the user, and the user's waiting time can be shortened further.

In this case, like in the fourth authentication processing procedure RT4as shown in FIG. 17 in which portions corresponding to those in FIG. 15are denoted at the same reference symbols, the authentication CPU 131can execute a biological authentication processing in accordance with aprocessing procedure similar to the third authentication processingprocedure RT3, by merely providing steps SP26′ and SP27′ in which thetargets to be obtained and to be compared in steps SP26 and SP27 arepartially changed, in place of steps SP26 and SP27 in the thirdauthentication processing procedure RT3.

Further, as another example, an information processing system 201 isapplicable, as shown in FIG. 18 in which portions corresponding to thosein FIGS. 2 and 5 are denoted at the same reference symbols. In thisinformation processing system 201, blood vessel formation pattern dataD100 encrypted by use of a predetermined encryption key are registeredin a terminal device 202 x. A hash value H1 of the registered bloodvessel formation pattern data before encryption and a secret key KY areregistered in a terminal management server 204, with a correspondenceestablished between each other.

This terminal device 202 x may have either a card-like or ring-likeshape or may have another shape. As far as the terminal device 202 x isportable, other various shapes are applicable to the terminal device 202x. In addition, the near infrared light source LS may be provided on theauthentication side as shown in the first embodiment or on the terminalside as shown in the second embodiment.

When the terminal device 202 x is brought close, an authentication device 203 starts extraction of a blood vessel formation pattern existing inside the hand (or finger) grasping or wearing the terminal device 202 x. On the other side, the authentication device 203 obtains the encrypted blood vessel formation pattern data D100 from the terminal device 202 x, and obtains from the terminal management server 204 the hash value H1 of the registered blood vessel formation pattern data corresponding to the terminal ID of the terminal device 202 x, together with the secret key KY.

Further, the authentication device 203 decrypts the encrypted bloodvessel formation pattern data D100 by use of the secret key KY, inaccordance with a predetermined algorithm, and generates a hash valuefrom the decrypted registered blood vessel formation pattern data. Theauthentication device 203 compares the generated hash value (hereinaftercalled a comparative hash value) with the hash value H1 obtained fromthe terminal management server 204.

If the comparison result indicates agreement, the authentication device203 also compares the blood vessel formation pattern PT obtained fromthe user and another blood vessel formation pattern expressed by thedecrypted registered blood vessel formation pattern data.

Thus, in the information processing system 201, the individual secret key KY for the encrypted registered blood vessel formation pattern data D100 is never sent to the terminal device 202 x. Without the secret key KY, a third person cannot obtain the comparative hash value from the encrypted blood vessel formation pattern data D100. Therefore, if the encrypted registered blood vessel formation pattern data D100 in the terminal device 202 x has been replaced or otherwise altered, the third person is generally detected already in the first comparison stage using the hash value. Compared with using a registered blood vessel formation pattern for this comparison, the comparison processing load is remarkably reduced by the smaller data quantity, so that the user's waiting time can be shortened much more.

Also, in this information processing system 201, it is difficult for a third person to steal all of the encrypted registered blood vessel formation pattern data D100, the secret key KY, and the hash value H1, which are registered in different locations from one another. It is also difficult to obtain a comparative hash value from the encrypted registered blood vessel formation pattern data D100 without the secret key KY. Therefore, even if the encrypted registered blood vessel formation pattern data D100 in the terminal device 202 x is replaced, the replacement can be detected, and as a result security can improve much more. In addition, this information processing system 201 does not manage registered blood vessel formation pattern data themselves, so the blood vessel formation pattern is prevented from flowing to the outside, and security can improve much more.

Further, the information processing system 201 does not manageregistered blood vessel formation pattern data themselves. Therefore,processing load due to management of the registered blood vesselformation pattern data can be avoided, and a transmission processing ofthe registered blood vessel formation pattern data to manage can beavoided. Accordingly, the information processing system 201 can improveprocessing performance as a whole.

An authentication processing procedure of the authentication device 203will now be described with reference to the flowchart shown in FIG. 19.

That is, an authentication CPU 231 receives startup notification data D1from a terminal device 202 x which has been brought close to theapproach face 3A. Then, the authentication CPU 231 starts the fifthauthentication processing procedure RT5 in subsequent step SP30, andstarts up the imaging camera CM (FIG. 2), in subsequent step SP31. Atthis time, the CPU 231 starts extraction of a blood vessel formationpattern existing in the hand (or finger) grasping or wearing thisterminal device 202 x.

Further, in step SP32, the authentication CPU 231 relays mutualauthentication between the terminal device 202 x and the terminalmanagement server 204. In subsequent step SP33, the authentication CPU231 determines whether the mutual authentication is completedsuccessfully, based on management determination data D5 supplied fromthe terminal device 202 x and the terminal management server 204, and onterminal determination data D8.

If this mutual authentication is determined to be completedsuccessfully, the authentication CPU 231 transmits its ownauthentication encryption key D11 (FIG. 5) to the terminal device 202 x,in next step SP34. The authentication CPU 231 also obtains a terminalencryption key D12 (FIG. 5) maintained in the terminal device 202 x fromthe terminal device 202 x. In subsequent step SP35, the authenticationCPU 231 decrypts encrypted registered blood vessel formation patternD100 (FIG. 18) transmitted in double encrypted form from the terminaldevice 202 x, by use of the authentication encryption key D11 and theterminal encryption key D12.

In step SP36, the authentication CPU 231 also mutually exchanges encryption keys with the terminal management server 204, in the same way as in steps SP34 and SP35. The authentication CPU 231 uses the encryption key of the terminal management server 204 and the authentication encryption key D11 of the authentication device 203 to decrypt the secret key KY and hash value H1 (FIG. 18) transmitted in double encrypted form. In this respect, the secret key KY and hash value H1 are those corresponding to the terminal ID used at the time of mutual authentication, among the plural secret keys and hash values registered in the terminal management server 204.

Further, in next step SP37, the authentication CPU 231 decrypts theencrypted registered blood vessel formation pattern data D100 obtainedfrom the terminal device 202 x in step SP35 by use of the secret key KY,and generates a comparative hash value from the decrypted registeredblood vessel formation pattern data. The authentication CPU 231 thengoes to step SP38.

In step SP38, the authentication CPU 231 compares the comparative hash value generated in step SP37 with the hash value H1 obtained from the terminal management server 204 in step SP36. If these values agree with each other, the authentication CPU 231 compares the blood vessel formation pattern expressed by the registered blood vessel formation pattern data decrypted in step SP37 with the blood vessel formation pattern PT (FIG. 18) of the user whose extraction was started in step SP31; if they disagree, the data D100 is treated as replaced and the pattern comparison is not performed. In subsequent step SP39, the authentication CPU 231 determines presence or absence of the person identical to the registrant, based on the comparison result. Thereafter, the authentication CPU 231 goes to step SP40 and terminates the fifth authentication processing procedure RT5.

Otherwise, if the mutual authentication is determined to have failed instep SP33, the authentication CPU 231 goes to step SP40 withoutexecuting various processings of steps SP34 to SP39 described above. Theauthentication CPU 231 then terminates the fifth authenticationprocessing procedure RT5.

Thus, the authentication device 203 can realize biologicalauthentication among three pieces of data, based on the encryptedregistered blood vessel formation pattern data D100, secret key KY, andhash value H1 which are respectively registered in different locationsfrom one another.

The function to determine presence or absence of a registrant may beprovided in the terminal management server 204. Even then, biologicalauthentication among three pieces of data can be realized in the samemanner as in the fifth authentication processing procedure RT5 describedabove, if the encrypted registered blood vessel formation pattern dataD100 registered in the terminal device 202 x and the blood vesselformation pattern PT extracted from the user by the authenticationdevice 203 are collected in the terminal management server 204.
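Steps SP37 to SP39 of the procedure RT5, as an added Python example that is not part of the patent. The "predetermined algorithm" used to encrypt the template under the secret key KY is modelled here as XOR with a SHAKE-256 keystream, the hash is SHA-256, the match tolerance and the constructed 256-bit patterns are assumptions, and the key exchange of steps SP34 to SP36 that protects D100, KY and H1 in transit is assumed to have already taken place. The demo runs the genuine case, a stranger, and the two replacement attacks the text argues the hash check catches.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
MATCH_TOLERANCE_BITS = 20   # maximum differing bits for a registrant decision (assumption)


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the page's unspecified "predetermined algorithm": XOR with a
    SHAKE-256 keystream (assumption). Encrypts and decrypts alike."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))


def register(template: bytes):
    """Registration: the terminal keeps only E_KY(template) (= D100); the terminal
    management server keeps (H1, KY). Nobody stores the plaintext template."""
    ky, nonce = os.urandom(32), os.urandom(NONCE_LEN)
    d100 = nonce + xor_stream(ky, nonce, template)
    server_record = {"ky": ky, "h1": hashlib.sha256(template).digest()}
    return d100, server_record


def bit_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def verify(d100: bytes, server_record: dict, extracted: bytes) -> str:
    """Steps SP37 to SP39 of procedure RT5 on the authentication device 203."""
    # SP37: decrypt the terminal's D100 with the server's KY and hash the result.
    nonce, ciphertext = d100[:NONCE_LEN], d100[NONCE_LEN:]
    registered = xor_stream(server_record["ky"], nonce, ciphertext)
    comparative_hash = hashlib.sha256(registered).digest()
    # SP38: a replaced or altered D100 cannot reproduce H1 without KY; stop here.
    if not hmac.compare_digest(comparative_hash, server_record["h1"]):
        return "template_replaced"
    # SP38/SP39: only a D100 that passed the hash check reaches pattern matching.
    return "registrant" if bit_distance(registered, extracted) <= MATCH_TOLERANCE_BITS else "not_registrant"


# Constructed patterns: a registrant's 256-bit template, a noisy re-capture of it
# (8 bits differ), and an attacker's template (the bitwise complement, 256 bits away).
TEMPLATE = bytes(range(32))
RECAPTURE = TEMPLATE[:30] + bytes([TEMPLATE[30] ^ 0x0F, TEMPLATE[31] ^ 0xF0])
ATTACKER = bytes(255 - b for b in TEMPLATE)


def demo() -> dict:
    d100, record = register(TEMPLATE)
    results = {"genuine": verify(d100, record, RECAPTURE),
               "stranger": verify(d100, record, ATTACKER)}
    # Attack 1: replace D100 with the attacker's template encrypted under a key of their choosing.
    forged_d100, _ = register(ATTACKER)
    results["swapped"] = verify(forged_d100, record, ATTACKER)
    # Attack 2: knowing both templates, XOR their difference into D100 so that it decrypts
    # to the attacker's template. A stream cipher alone cannot stop this; the hash check does.
    delta = bytes(x ^ y for x, y in zip(TEMPLATE, ATTACKER))
    flipped = d100[:NONCE_LEN] + bytes(c ^ d for c, d in zip(d100[NONCE_LEN:], delta))
    results["bitflipped"] = verify(flipped, record, ATTACKER)
    return results
```

The second attack is why the hash must be taken over the decrypted template rather than over D100: a ciphertext hash would not notice a malleable-cipher edit, whereas any edit to D100 changes what decrypts under KY and so changes the comparative hash.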

Further, in the above embodiments, no specific relationship has been described between the data transmission processing that transmits registered blood vessel formation pattern data according to the electromagnetic induction scheme and the biological authentication processing based on that data. In the present invention, these processings are performed in the relationship shown in FIGS. 20(A) and 20(B).

That is, as shown in FIG. 20(A), the registered blood vessel formation pattern data D13 to be transmitted is divided on the terminal side into units of a predetermined size, and the divided data D13_k (k = 1, 2, 3, ..., l) are transmitted sequentially. On the authentication side, each datum D13_k is compared, in the order received, with the corresponding part of the pattern it is matched against (biological authentication processing), without waiting for the whole of D13 to arrive.

On the authentication side, if for example the datum D13_2 could not be received due to a communication error, as shown in FIG. 20(B), the biological authentication processing is suspended and the terminal side is notified that transmission should be retried from the datum D13_2. Thereafter, every time a datum D13_k arrives, starting again from D13_2, the authentication side compares the datum D13_k with the corresponding part of the pattern.

In this manner, the load of the transmission and comparison processing can be reduced compared with retrying transmission and comparison of the registered blood vessel formation pattern data D13 from the very first datum every time a communication error occurs. Therefore, the user's waiting time can be shortened much more.
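The chunked transfer with resumption of FIGS. 20(A) and 20(B), modelled as an added Python example that is not part of the patent. The chunk size, the per-chunk bit-distance comparison, the LossyChannel class that drops a given datum once, and the constructed 40-byte pattern are assumptions; the example also runs the restart-from-the-first-datum baseline the page contrasts against, so that the saved transmissions and comparisons can be counted.

```python
CHUNK_SIZE = 8   # bytes per divided datum D13_k (assumption)


def split_chunks(data: bytes, size: int = CHUNK_SIZE) -> list:
    """Divide the registered pattern data D13 into D13_1, D13_2, ... on the terminal side."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def bit_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class LossyChannel:
    """Constructed electromagnetic-induction link that loses each listed datum
    index (1-based) exactly once and delivers every retry."""

    def __init__(self, lose_once):
        self.pending_losses = set(lose_once)
        self.transmissions = 0

    def send(self, k: int, chunk: bytes):
        self.transmissions += 1
        if k in self.pending_losses:
            self.pending_losses.discard(k)
            return None                      # communication error: D13_k not received
        return chunk


def transfer_and_compare(registered: bytes, reference: bytes, channel: LossyChannel,
                         resume: bool = True) -> dict:
    """Send D13_k in order and compare each datum on arrival with the matching part
    of the reference pattern. On an error, resume=True asks for retransmission from
    the lost datum (FIG. 20(B)); resume=False restarts from D13_1, the baseline the
    page contrasts against. Returns the accumulated bit distance and the counts."""
    parts, ref_parts = split_chunks(registered), split_chunks(reference)
    k, distance, comparisons = 1, 0, 0
    while k <= len(parts):
        received = channel.send(k, parts[k - 1])
        if received is None:
            if not resume:
                k, distance = 1, 0           # throw away all progress so far
            continue                         # otherwise retry from the same D13_k
        comparisons += 1
        distance += bit_distance(received, ref_parts[k - 1])
        k += 1
    return {"distance": distance, "transmissions": channel.transmissions,
            "comparisons": comparisons}


# Constructed 40-byte pattern (5 chunks); the reference differs in the last chunk by 3 bits.
REGISTERED = bytes(range(40))
REFERENCE = REGISTERED[:39] + bytes([REGISTERED[39] ^ 0b111])


def demo():
    """Lose D13_2 once, with and without resumption."""
    with_resume = transfer_and_compare(REGISTERED, REFERENCE, LossyChannel({2}), resume=True)
    from_start = transfer_and_compare(REGISTERED, REFERENCE, LossyChannel({2}), resume=False)
    return with_resume, from_start
```

A resumed transfer should also check that a retransmitted datum carries the index it asked for, so that a peer cannot use a "retry" to overwrite a datum that has already been compared.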

Further, the above embodiments have been described with reference to card-like terminal devices (card terminals 2 i in the first embodiment) or terminal devices that can be worn on a finger (ring terminals 52 i in the second embodiment). However, application is also possible to accessories such as a bracelet, necklace, earrings, glasses, and the like, or to portable electronic devices such as portable cellular phones and PDAs (Personal Digital Assistants), each of which is equipped with a terminal signal processing section IC_(CD) 1 or terminal signal processing section IC_(CD) 2 (FIG. 2, 8, or the like) and a terminal antenna AT_(CD) (FIG. 2, 8, or the like).

Further, the above embodiments have been described with reference to acase where blood vessels existing in fingers are applied asidentification targets in a living body. However, the present inventionis not limited to this case. For example, various other biologicalidentification targets can be applied, e.g., neurons existing inside aliving body, fingerprints appearing on a living body, glottises, and lipprints are applicable. Incidentally, if neurons are used asauthentication targets, for example, a marker peculiar to neurons isimplanted into a living body. By imaging the marker, neurons can bedealt with as authentication targets, like in the above embodiments.

In the above embodiments, an imaging camera CM is adopted as the biological sensor. The present invention is not limited to this case; a sensor suited to the biological identification target actually applied can be selected appropriately, and likewise the scheme of extracting the biological identification target as a pattern. Even when blood vessels are applied as the identification target, a biological sensor configured differently from the embodiments described above may be selected, and the processing of the pattern extraction section may be changed or omitted as appropriate.

Further, the embodiments described above have been described withreference to a case in which blood vessel formation pattern data or aterminal ID is registered, in non-encrypted form, in the memory 22 onthe terminal side. The present invention is not limited to this case butthe blood vessel formation pattern data or a terminal ID may beregistered, in encrypted form, in the internal memory 22.

Further, the embodiments described above have been described with reference to a case in which the authentication section 38 or 77, which compares registered blood vessel formation pattern data with data of a blood vessel formation pattern obtained from a user, is provided in the authentication device 3 or 53. The present invention is not limited to this case. In place of the authentication device 3 or 53, an extraction device that extracts the user's blood vessel pattern may be provided, with an authentication server connected to the extraction device via a predetermined network such as the Internet. This authentication server may integrate the function of the authentication section 38. As a result, leakage of personal data through theft of the authentication device 3 or 53 can be avoided effectively. In addition, management of the registered blood vessel formation pattern data and of the authentication section can be simplified by storing all registered blood vessel formation pattern data in the authentication server.

Further, the embodiments described above have been described with reference to a case in which a mutual authentication processing is executed before executing a biological authentication processing. However, the present invention is not limited to this case but the biological authentication processing may be executed before executing the mutual authentication processing. In this case, blood vessel formation pattern data extracted from a user, which is to be used in the biological authentication processing, can be extracted at various timings in the process of the biological authentication processing and the mutual authentication processing.

Further, the second embodiment has been described with reference to a case in which a flicker pattern of having flickered the near infrared light sources LS and a luminance pattern of the blood vessel image signal S10 j obtained as an imaging result are compared with each other. In accordance with the comparison result, presence or absence of a registrant is determined based on a blood vessel formation pattern. The present invention is not limited to this case but the determination function may be applied to the information processing system 1 (FIG. 1) or the information processing system 101 (FIG. 14). In this case, flicker pattern data to flicker the near infrared light sources LS are generated from encrypted seed data D20 a and diffusion data D20 b, on the terminal side. However, the flicker pattern data may be maintained in advance on the terminal side.
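The flicker-pattern comparison described in this paragraph (and recited in claims 6 and 10), as an added example that is not part of the patent: the terminal side derives a per-session on/off sequence for the near infrared light source, and the authentication side checks that the luminance of the captured frames follows that sequence, so a presented still image or a recording lit by an earlier session's pattern does not pass. Deriving the pattern with HMAC from a seed and a diffusion key, holding each bit for four frames, and the correlation threshold are assumptions of this example; the page does not specify them.

```python
"""Flicker-pattern liveness check for NIR vein imaging (added example, not the patent's code)."""
import hashlib
import hmac
import random

SPREAD = 4         # camera frames per flicker bit (the "diffusion" step, an assumption)
PATTERN_BITS = 32  # flicker bits per authentication session (an assumption)

def session_pattern(seed: bytes, diffusion_key: bytes, n_bits: int = PATTERN_BITS) -> list[int]:
    """Expand a per-session seed into a per-frame on/off drive sequence for the light source.
    Deriving the bits with HMAC under a key held on the terminal side is an assumption."""
    digest = hmac.new(diffusion_key, seed, hashlib.sha256).digest()
    bits = [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(n_bits)]
    return [b for b in bits for _ in range(SPREAD)]  # each bit is held for SPREAD frames

def luminance_matches(pattern: list[int], luminance: list[float], threshold: float = 0.8) -> bool:
    """Compare the expected flicker sequence with the mean luminance measured per captured frame.
    Normalised (Pearson) correlation; a constant image or a constant drive is rejected outright."""
    n = len(pattern)
    if n == 0 or len(luminance) != n:
        return False
    mp, ml = sum(pattern) / n, sum(luminance) / n
    cov = sum((p - mp) * (l - ml) for p, l in zip(pattern, luminance))
    dev_p = sum((p - mp) ** 2 for p in pattern) ** 0.5
    dev_l = sum((l - ml) ** 2 for l in luminance) ** 0.5
    if dev_p == 0.0 or dev_l == 0.0:
        return False  # nothing modulated to verify against (e.g. a replayed still image)
    return cov / (dev_p * dev_l) >= threshold

def live_frames(pattern: list[int], noise_seed: int = 7) -> list[float]:
    """Constructed camera output: brightness of a finger lit by the flickering source, plus sensor noise."""
    rng = random.Random(noise_seed)
    return [40.0 + 120.0 * bit + rng.uniform(-10.0, 10.0) for bit in pattern]

def replayed_frames(n_frames: int, noise_seed: int = 7) -> list[float]:
    """Constructed camera output for a presented static image: no response to the light source."""
    rng = random.Random(noise_seed)
    return [100.0 + rng.uniform(-10.0, 10.0) for _ in range(n_frames)]

if __name__ == "__main__":
    key = b"terminal-diffusion-key"  # constructed value standing in for diffusion data D20 b
    current = session_pattern(b"session-0001", key)
    previous = session_pattern(b"session-0000", key)
    print("live finger      :", luminance_matches(current, live_frames(current)))           # True
    print("static image     :", luminance_matches(current, replayed_frames(len(current))))  # False
    print("replayed session :", luminance_matches(current, live_frames(previous)))          # False
```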

Further, the second embodiment has been described with reference to a case in which registered blood vessel formation pattern data associated with plural terminal IDs are stored in the hard disk 73. The present invention is not limited to this case but the data may be recorded on various other recording media than hard disks. Alternatively, in place of the hard disk, an authentication server may be provided via a predetermined network such as the Internet. Registered blood vessel formation pattern data may be stored in the authentication server.

Further, the second embodiment described above has been described with reference to a case in which registered blood vessel formation pattern data corresponding to a terminal ID are specified from a database. The present invention is not limited to this case but various other inherent identifiers may be associated with registered blood vessel formation pattern data. Based on the identifiers, registered blood vessel formation pattern data may be specified from a database.

INDUSTRIAL APPLICABILITY

The present invention is applicable to cases of determining presence or absence of a registrant for a user who uses a portable product.

EXPLANATION OF REFERENCED NUMERALS

1, 51, 101, 201 . . . INFORMATION PROCESSING SYSTEM, 2 i (i=1, 2, . . . ), 2 x . . . CARD TERMINAL, 52 i (i=1, 2, . . . , N), 52 x . . . RING TERMINAL, 102 x, 202 x . . . TERMINAL DEVICE, 3, 53, 103, 203 . . . AUTHENTICATION DEVICE, 4 . . . CARD TERMINAL MANAGEMENT SERVER, 104, 204 . . . TERMINAL MANAGEMENT SERVER, 21, 61 . . . TERMINAL CPU, 31, 71, 131, 231 . . . AUTHENTICATION CPU, 22, 32 . . . INTERNAL MEMORY, 23, 33 . . . TRANSMISSION/RECEPTION SECTION, 24, 34 . . . ENCRYPTION/DECRYPTION SECTION, 25 . . . RANDOM NUMBER GENERATION SECTION, 35 . . . NETWORK INTERFACE, 36 . . . DRIVE CONTROL SECTION, 37, 75 . . . PATTERN EXTRACTION SECTION, 38, 77 . . . AUTHENTICATION SECTION, 73 . . . HARD DISK, 74 . . . LUMINANCE PATTERN GENERATION SECTION, 76 . . . FLICKER PATTERN COMPARISON SECTION, CM . . . IMAGING CAMERA, LS . . . NEAR INFRARED LIGHT SOURCE, ATCD . . . TERMINAL ANTENNA, ATcr . . . AUTHENTICATION ANTENNA, ICCD1, ICCD2 . . . TERMINAL SIGNAL PROCESSING SECTION, ICcr1, ICcr2 . . . AUTHENTICATION SIGNAL PROCESSING SECTION, RT1 . . . FIRST AUTHENTICATION PROCESSING PROCEDURE, RT2 . . . SECOND AUTHENTICATION PROCESSING PROCEDURE, RT3 . . . THIRD AUTHENTICATION PROCESSING PROCEDURE, RT4 . . . FOURTH AUTHENTICATION PROCESSING PROCEDURE, RT5 . . . FIFTH AUTHENTICATION PROCESSING PROCEDURE

1. An information processing system comprising: a first information processing apparatus and an authentication device comprising a second information processing apparatus, said first information processing apparatus comprising: a storage means which stores a first biological identification data associated with a predetermined portion of a subject's living body, and a first communication means for performing communication when held proximate to the predetermined portion of the subject's living body, said authentication device comprising: a biological sensor which detects biological information from the subject's living body; a second communication means connected to the second information processing apparatus and which communicates with the first communication means; said second information processing apparatus comprising: an extraction means which extracts a second biological identification data from the biological information detected by the biological sensor while the first communication means transmits the first biological identification data to the second communication means; and a biological authentication means which performs biological authentication, based on the second biological identification data and on the first biological identification data; a network connected to the second information processing apparatus; the authentication device connected to the network that performs mutual authentication between the first information processing apparatus and a management server using the second information processing apparatus connecting to a management server via the network, wherein, if mutual authentication between the first information processing apparatus and the management server is confirmed by the authentication device, the first information processing apparatus and the second information processing apparatus exchange information for encrypting and decrypting the first biological information.

2. An authentication device comprising: a biological sensor which detects biological information from a living body when held proximate to a predetermined position of the living body; a communication target which stores biological identification data; a near-distance communication means which communicates with the communication target; an extraction means which extracts biological identification data from the biological information detected by the biological sensor while the communication target transmits the stored biological identification data to the near-distance communication means; a biological authentication means which compares the stored biological identification data with the detected biological identification data; a network connected to the near-distance communication means; and an authentication processing unit connected to the network that performs mutual authentication between the communication target and a management server via the near-distance communication means and the network connected to the management server, wherein, if mutual authentication between the communication target and the management server is confirmed by the authentication processing unit, the communication target and the near-distance communication exchange information for encrypting and decrypting the stored biological identification data.

3. The information processing apparatus according to claim 2, further comprising network communication means which communicates with a management server which manages the biological identification data registered in the communication target, establishing a correspondence thereof, wherein the biological authentication means compares mutually one another of the biological data at the predetermined portion, extracted by the extraction means, the biological identification data obtained from the management server via the network communication means, and the biological identification data obtained from the communication target via the near-distance communication means.

4. The information processing apparatus according to claim 2, further comprising network communication means which communicates with a management server via a predetermined network, the management server managing the biological identification data registered in the communication target and compressed data by use of data obtained in a process up to generation of the biological identification data, with a correspondence established between the biological identification data and a compressed data, wherein: the extraction means generates the compressed data by use of data obtained in a process up to extraction of the biological data at the predetermined portion from the biological data detected by the biological sensor; and the biological authentication means compares the compressed data generated by the extraction means with the compressed data obtained from the management server via the network communication means.

5. The information processing apparatus according to claim 4, wherein the biological authentication means compares the compressed data generated by the extraction means with the compressed data obtained from the management server via the network communication means, as well as the biological data at the predetermined portion, extracted by the extraction means, with the biological identification data obtained from the communication target via the near-distance communication means.

6. The information processing apparatus according to claim 2, wherein: the communication target is provided with a light source; the information processing apparatus further comprises (a) generation means which generates a flicker pattern to control a flickering state of the light source, and (b) encryption means which encrypts the flicker pattern generated by the generation means; and the biological authentication means compares the flicker pattern with a luminance pattern of the biological data, which is detected by the biological sensor through the living body brought close to the predetermined position and emitted with light flickered in accordance with the flicker pattern from the light source in the communication target brought close to the predetermined position.

7. An information processing system comprising: equipment means which is equipped on a predetermined portion of a living body and has (1) a storage means which stores a first biological identification data associated with the predetermined portion of the living body; and (2) a communication means which is held by the equipment means and transmits the first biological identification data directly to a communication target to which the predetermined portion equipped with the equipment means is brought close; a biological authentication means which performs biological authentication, based on the first biological identification data and on a second biological identification data, said second biological identification data being extracted from biological information detected by a biological sensor while the communication means transmits the first biological identification data to the communication target; a network connected to the biological authentication means; and an authentication processing unit connected to the network that performs mutual authentication between the equipment means and a management server via the biological authentication means connecting to the management server via the network, wherein, if mutual authentication between the equipment and the management server is confirmed by the authentication processing unit, the equipment means and the biological authentication means exchange information for encrypting and decrypting the first biological identification data.

8. The information processing apparatus according to claim 7, further comprising voltage accumulation means which accumulates a voltage induced in response to reception of a signal supplied from the communication target, wherein the communication means transmits the biological identification data to the communication target, using the voltage accumulated by the voltage accumulation means as an electromotive force.

9. The information processing apparatus according to claim 7, wherein: the equipment means is constituted by (a) a circular ring portion, and (b) a light source which is provided on the ring portion and emits imaging light on the identification target at the predetermined portion; and the imaging light is guided to an imaging element provided on the communication target, through the living body brought close to the communication target.

10. The information processing apparatus according to claim 7, wherein: the imaging light is flickered in accordance with a flicker pattern supplied from the communication target; and the flicker pattern is compared with a luminance pattern of images sequentially generated on the basis of the imaging light.